chore(release): bump package version(s) [skip ci]

* added optional dynamic sveltekit options

* changed dynamicOptions function to async

* converted dynamicOptions to a named type

* updated inline docs to show async capabilities

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* Update packages/frameworks-sveltekit/src/lib/index.ts

Co-authored-by: Thang Vu <hi@thvu.dev>

* refined to a simpler function signature

* removed redundant return statement

* Apply suggestions from code review

---------

Co-authored-by: Thang Vu <hi@thvu.dev>

.eslintignore

@@ -23,8 +23,8 @@ pnpm-lock.yaml
 
 .docusaurus
 build
-docs/docs/reference/03-core
-docs/docs/reference/04-sveltekit
+docs/docs/reference/core
+docs/docs/reference/sveltekit
 static
 
 # --------------- Packages ---------------

.github/ISSUE_TEMPLATE/1_bug_framework.yml

@@ -30,7 +30,7 @@ body:
         Run this command in your project's root folder and paste the result:
 
         ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*"
         ```
         Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
     validations:

.github/ISSUE_TEMPLATE/2_bug_provider.yml

@@ -25,12 +25,14 @@ body:
         - "Custom provider"
         - "42 School"
         - "Apple"
+        - "Asgardeo"
         - "Atlassian"
         - "Auth0"
         - "Authentik"
         - "Azure Active Directory"
         - "Azure Active Directory B2C"
         - "Battlenet"
+        - "Beyond Identity"
         - "Box"
         - "Bungie"
         - "Cognito"
@@ -57,6 +59,7 @@ body:
         - "Medium"
         - "Naver"
         - "Netlify"
+        - "Notion"
         - "Okta"
         - "OneLogin"
         - "Osso"
@@ -87,7 +90,7 @@ body:
         Run this command in your project's root folder and paste the result:
 
         ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*"
         ```
         Alternatively, you can manually gather the version information from your package.json for these packages: "next", "react" and "next-auth". Please also mention your OS and Node.js version, as well as the browser you are using.
     validations:

.github/ISSUE_TEMPLATE/3_bug_adapter.yml

@@ -44,7 +44,7 @@ body:
         Run this command in your project's root folder and paste the result:
 
         ```sh
-        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth" && npx envinfo --npmPackages "@next-auth/*"
+        npx envinfo --system --binaries --browsers --npmPackages "next,react,next-auth,@auth/*" && npx envinfo --npmPackages "@next-auth/*"
         ```
         Alternatively, if the above command did not work, we need the version of the following packages from your package.json: "next", "react", "next-auth" and your adapter. Please also mention your OS and Node.js version, as well as the browser you are using.
     validations:

.github/actions/issue-validator/repro.md

@@ -14,9 +14,9 @@ Ensure the link is pointing to a codebase that is accessible (e.g. not a private
 
 ### **What happens if I don't provide a sufficient minimal reproduction?**
 
-Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are automatically closed and locked after 30 days.
+Issues with the `incomplete` label that receives no meaningful activity (e.g. new comments with a reproduction link) are closed after 7 days.
 
-If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction.
+If your issue has _not_ been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction. (It's less likely that we check back on already closed issues.)
 
 ### **I did not open this issue, but it is relevant to me, what can I do to help?**
 

.github/actions/issue-validator/src/index.mjs

@@ -41,13 +41,7 @@ async function run() {
       label: { name: newLabel },
     } = payload
 
-    if (
-      pull_request ||
-      !issue?.body ||
-      !process.env.GITHUB_TOKEN ||
-      !process.env.GITHUB_ACTION_PATH
-    )
-      return
+    if (pull_request || !issue?.body || !process.env.GITHUB_TOKEN) return
 
     const labels = issue.labels.map((l) => l.name)
     // const isBugReport =
@@ -78,7 +72,9 @@ async function run() {
         client.issues.createComment({
           ...issueCommon,
           body: readFileSync(
-            join(process.env.GITHUB_ACTION_PATH, "repro.md"),
+            join(
+              "/home/runner/work/next-auth/next-auth/.github/actions/issue-validator/repro.md"
+            ),
             "utf8"
           ),
         }),

.github/sync.yml

@@ -7,15 +7,12 @@ nextauthjs/sveltekit-auth-example:
   - .github/FUNDING.yml
   - LICENSE
 
-# FIXME: Should re-enable, but currently fails:
-# https://github.com/nextauthjs/next-auth/actions/runs/3811709391/jobs/6484533340
-# (issue seems to be the name of the target repo)
-# nextauthjs/solid-start-auth-example:
-#   - source: "apps/examples/solid-start"
-#     dest: .
-#     deleteOrphaned: true
-#   - .github/FUNDING.yml
-#   - LICENSE
+nextauthjs/solid-start-auth-example:
+  - source: "apps/examples/solid-start"
+    dest: .
+    deleteOrphaned: true
+  - .github/FUNDING.yml
+  - LICENSE
 
 nextauthjs/next-auth-gatsby-example:
   - source: apps/playgrounds/gatsby

.github/workflows/release.yml

@@ -35,6 +35,22 @@ jobs:
           UPSTASH_REDIS_KEY: ${{ secrets.UPSTASH_REDIS_KEY }}
           TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
           TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+      # - name: Run E2E tests
+      #   if: github.repository == 'nextauthjs/next-auth'
+      #   run: pnpm e2e
+      #   timeout-minutes: 15
+      #   env:
+      #     AUTH0_USERNAME: ${{ secrets.AUTH0_USERNAME }}
+      #     AUTH0_PASSWORD: ${{ secrets.AUTH0_PASSWORD }}
+      #     TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+      #     TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+      # - name: Upload E2E artifacts
+      #   if: github.repository == 'nextauthjs/next-auth'
+      #   uses: actions/upload-artifact@v3
+      #   with:
+      #     name: playwright-report
+      #     path: apps/dev/nextjs/playwright-report/
+      #     retention-days: 30
       # - name: Coverage
       #   uses: codecov/codecov-action@v1
       #   with:

.github/workflows/sync-examples.yml

@@ -11,9 +11,9 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@v3
       - name: Run GitHub File Sync
-        # Can update to v1 when https://github.com/BetaHuhn/repo-file-sync-action/issues/168 is resolved
-        uses: BetaHuhn/repo-file-sync-action@v1.16.5
+        uses: balazsorban44/repo-file-sync-action@master
         with:
-          GH_PAT: ${{ secrets.GH_PAT_CLASSIC }}
+          GH_PAT: ${{ secrets.GH_PAT }}
+          IS_FINE_GRAINED: true
           SKIP_PR: true
           ORIGINAL_MESSAGE: true

.gitignore

@@ -12,6 +12,7 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 firebase-debug.log
+ui-debug.log
 .pnpm-debug.log
 
 
@@ -34,13 +35,10 @@ packages/next-auth/utils
 packages/next-auth/core
 packages/next-auth/jwt
 packages/next-auth/react
-packages/next-auth/adapters.d.ts
-packages/next-auth/adapters.js
-packages/next-auth/index.d.ts
-packages/next-auth/index.js
 packages/next-auth/next
-packages/next-auth/middleware.d.ts
-packages/next-auth/middleware.js
+packages/*/*.js
+packages/*/*.d.ts
+packages/*/*.d.ts.map
 
 # Development app
 apps/dev/src/css
@@ -81,14 +79,12 @@ docs/.docusaurus
 docs/providers.json
 
 # Core
-packages/core/*.js
-packages/core/*.d.ts
-packages/core/*.d.ts.map
+packages/core/src/providers/oauth-types.ts
 packages/core/lib
 packages/core/providers
 packages/core/src/lib/pages/styles.ts
-docs/docs/reference/03-core
-docs/docs/reference/04-sveltekit
+docs/docs/reference/core
+docs/docs/reference/sveltekit
 
 
 # SvelteKit
@@ -98,3 +94,7 @@ packages/frameworks-sveltekit/.svelte-kit
 packages/frameworks-sveltekit/package
 packages/frameworks-sveltekit/vite.config.js.timestamp-*
 packages/frameworks-sveltekit/vite.config.ts.timestamp-*
+
+# Adapters
+
+docs/docs/reference/adapter

.prettierignore

@@ -20,8 +20,8 @@ pnpm-lock.yaml
 
 .docusaurus
 build
-docs/docs/reference/03-core
-docs/docs/reference/04-sveltekit
+docs/docs/reference/core
+docs/docs/reference/sveltekit
 static
 docs/providers.json
 

.prettierrc.js

@@ -7,7 +7,7 @@ module.exports = {
   overrides: [
     {
       files: [
-        "apps/dev/pages/api/auth/[...nextauth].ts",
+        "apps/dev/nextjs/pages/api/auth/[...nextauth].ts",
         "docs/{sidebars,docusaurus.config}.js",
       ],
       options: { printWidth: 150 },

apps/dev/nextjs/.env.local.example

@@ -9,20 +9,39 @@ NEXTAUTH_URL=http://localhost:3000
 # and/or verification tokens.
 NEXTAUTH_SECRET=secret
 
+ASGARDEO_CLIENT_ID=
+ASGARDEO_CLIENT_SECRET=
+ASGARDEO_ISSUER=
+
 AUTH0_ID=
 AUTH0_SECRET=
 AUTH0_ISSUER=
 
-KEYCLOAK_ID=
-KEYCLOAK_SECRET=
-KEYCLOAK_ISSUER=
+# Beyond Identity Provider
+BEYOND_IDENTITY_CLIENT_ID=
+BEYOND_IDENTITY_CLIENT_SECRET=
+BEYOND_IDENTITY_ISSUER=
+
+GITHUB_ID=
+GITHUB_SECRET=
+
+NOTION_ID=
+NOTION_SECRET=
+NOTION_REDIRECT_URI=
 
 IDS4_ID=
 IDS4_SECRET=
 IDS4_ISSUER=
 
-GITHUB_ID=
-GITHUB_SECRET=
+KEYCLOAK_ID=
+KEYCLOAK_SECRET=
+KEYCLOAK_ISSUER=
+
+LINE_ID=
+LINE_SECRET=
+
+TRAKT_ID=
+TRAKT_SECRET=
 
 TWITCH_ID=
 TWITCH_SECRET=
@@ -30,11 +49,8 @@ TWITCH_SECRET=
 TWITTER_ID=
 TWITTER_SECRET=
 
-LINE_ID=
-LINE_SECRET=
-
-TRAKT_ID=
-TRAKT_SECRET=
+WIKIMEDIA_ID=
+WIKIMEDIA_SECRET=
 
 # Example configuration for a Gmail account (will need SMTP enabled)
 EMAIL_SERVER=smtps://user@gmail.com:password@smtp.gmail.com:465
@@ -47,12 +63,9 @@ EMAIL_FROM=user@gmail.com
 # MongoDB:  DATABASE_URL=mongodb://nextauth:password@127.0.0.1:27017/nextauth?synchronize=true
 DATABASE_URL=
 
-WIKIMEDIA_ID=
-WIKIMEDIA_SECRET=
-
 # Supabase Example Configuration
 # Supabase Example Configuration
 # NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321
 # SUPABASE_SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSJ9.vI9obAHOGyVVKa3pD--kJlyxp-Z2zV9UUMAhKpNLAcU
 # SUPABASE_JWT_SECRET=super-secret-jwt-token-with-at-least-32-characters-long
-# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs
+# NEXT_PUBLIC_SUPABASE_ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs

apps/dev/nextjs/.gitignore

@@ -0,0 +1,4 @@
+node_modules/
+/test-results/
+/playwright-report/
+/playwright/.cache/

apps/dev/nextjs/components/header.js

@@ -1,5 +1,5 @@
 import Link from "next/link"
-import { signIn, signOut, useSession } from "next-auth/react"
+import { useSession } from "next-auth/react"
 import styles from "./header.module.css"
 
 // The approach used in this component shows how to built a sign in and sign out
@@ -24,14 +24,7 @@ export default function Header() {
               <span className={styles.notSignedInText}>
                 You are not signed in
               </span>
-              <a
-                href="/api/auth/signin"
-                className={styles.buttonPrimary}
-                onClick={(e) => {
-                  e.preventDefault()
-                  signIn()
-                }}
-              >
+              <a href="/api/auth/signin" className={styles.buttonPrimary}>
                 Sign in
               </a>
             </>
@@ -47,14 +40,7 @@ export default function Header() {
                 <strong>{session.user.email} </strong>
                 {session.user.name ? `(${session.user.name})` : null}
               </span>
-              <a
-                href="/api/auth/signout"
-                className={styles.button}
-                onClick={(e) => {
-                  e.preventDefault()
-                  signOut()
-                }}
-              >
+              <a href="/api/auth/signout" className={styles.button}>
                 Sign out
               </a>
             </>

apps/dev/nextjs/package.json

@@ -9,10 +9,12 @@
     "build": "next build",
     "start": "next start",
     "email": "fake-smtp-server",
-    "start:email": "pnpm email"
+    "start:email": "pnpm email",
+    "e2e": "pnpm dlx playwright test"
   },
   "license": "ISC",
   "dependencies": {
+    "@auth/core": "workspace:*",
     "@next-auth/fauna-adapter": "workspace:*",
     "@next-auth/prisma-adapter": "workspace:*",
     "@next-auth/supabase-adapter": "workspace:*",
@@ -22,15 +24,16 @@
     "faunadb": "^4",
     "next": "13.1.1",
     "next-auth": "workspace:*",
-    "@auth/core": "workspace:*",
     "nodemailer": "^6",
     "react": "^18",
     "react-dom": "^18"
   },
   "devDependencies": {
+    "@playwright/test": "1.29.2",
     "@types/jsonwebtoken": "^8.5.5",
     "@types/react": "^18.0.15",
     "@types/react-dom": "^18.0.6",
+    "dotenv": "^16.0.3",
     "fake-smtp-server": "^0.8.0",
     "pg": "^8.7.3",
     "prisma": "^3",

apps/dev/nextjs/pages/api/auth/[...nextauth].ts

@@ -2,9 +2,11 @@ import { Auth, type AuthConfig } from "@auth/core"
 
 // Providers
 import Apple from "@auth/core/providers/apple"
+import Asgardeo from "@auth/core/providers/asgardeo"
 import Auth0 from "@auth/core/providers/auth0"
 import AzureAD from "@auth/core/providers/azure-ad"
 import AzureB2C from "@auth/core/providers/azure-ad-b2c"
+import BeyondIdentity from "@auth/core/providers/beyondidentity"
 import BoxyHQSAML from "@auth/core/providers/boxyhq-saml"
 // import Cognito from "@auth/core/providers/cognito"
 import Credentials from "@auth/core/providers/credentials"
@@ -23,6 +25,7 @@ import Instagram from "@auth/core/providers/instagram"
 import Line from "@auth/core/providers/line"
 import LinkedIn from "@auth/core/providers/linkedin"
 import Mailchimp from "@auth/core/providers/mailchimp"
+import Notion from "@auth/core/providers/notion"
 // import Okta from "@auth/core/providers/okta"
 import Osu from "@auth/core/providers/osu"
 import Patreon from "@auth/core/providers/patreon"
@@ -68,7 +71,7 @@ import WorkOS from "@auth/core/providers/workos"
 
 export const authConfig: AuthConfig = {
   // adapter,
-  // debug: process.env.NODE_ENV !== "production",
+  debug: process.env.NODE_ENV !== "production",
   theme: {
     logo: "https://next-auth.js.org/img/logo/logo-sm.png",
     brandColor: "#1786fb",
@@ -82,6 +85,7 @@ export const authConfig: AuthConfig = {
       },
     }),
     Apple({ clientId: process.env.APPLE_ID, clientSecret: process.env.APPLE_SECRET }),
+    Asgardeo({ clientId: process.env.ASGARDEO_CLIENT_ID, clientSecret: process.env.ASGARDEO_CLIENT_SECRET, issuer: process.env.ASGARDEO_ISSUER }),
     Auth0({ clientId: process.env.AUTH0_ID, clientSecret: process.env.AUTH0_SECRET, issuer: process.env.AUTH0_ISSUER }),
     AzureAD({
       clientId: process.env.AZURE_AD_CLIENT_ID,
@@ -89,6 +93,7 @@ export const authConfig: AuthConfig = {
       tenantId: process.env.AZURE_AD_TENANT_ID,
     }),
     AzureB2C({ clientId: process.env.AZURE_B2C_ID, clientSecret: process.env.AZURE_B2C_SECRET, issuer: process.env.AZURE_B2C_ISSUER }),
+    BeyondIdentity({ clientId: process.env.BEYOND_IDENTITY_CLIENT_ID, clientSecret: process.env.BEYOND_IDENTITY_CLIENT_SECRET, issuer: process.env.BEYOND_IDENTITY_ISSUER }),
     BoxyHQSAML({ issuer: "https://jackson-demo.boxyhq.com", clientId: "tenant=boxyhq.com&product=saml-demo.boxyhq.com", clientSecret: "dummy" }),
     // Cognito({ clientId: process.env.COGNITO_ID, clientSecret: process.env.COGNITO_SECRET, issuer: process.env.COGNITO_ISSUER }),
     Discord({ clientId: process.env.DISCORD_ID, clientSecret: process.env.DISCORD_SECRET }),
@@ -105,6 +110,7 @@ export const authConfig: AuthConfig = {
     Line({ clientId: process.env.LINE_ID, clientSecret: process.env.LINE_SECRET }),
     LinkedIn({ clientId: process.env.LINKEDIN_ID, clientSecret: process.env.LINKEDIN_SECRET }),
     Mailchimp({ clientId: process.env.MAILCHIMP_ID, clientSecret: process.env.MAILCHIMP_SECRET }),
+    Notion({ clientId: process.env.NOTION_ID, clientSecret: process.env.NOTION_SECRET, redirectUri: process.env.NOTION_REDIRECT_URI }),
     // Okta({ clientId: process.env.OKTA_ID, clientSecret: process.env.OKTA_SECRET, issuer: process.env.OKTA_ISSUER }),
     Osu({ clientId: process.env.OSU_CLIENT_ID, clientSecret: process.env.OSU_CLIENT_SECRET }),
     Patreon({ clientId: process.env.PATREON_ID, clientSecret: process.env.PATREON_SECRET }),

apps/dev/nextjs/playwright.config.ts

@@ -0,0 +1,107 @@
+import type { PlaywrightTestConfig } from '@playwright/test';
+import { devices } from '@playwright/test';
+
+/**
+ * Read environment variables from file.
+ * https://github.com/motdotla/dotenv
+ */
+require('dotenv').config();
+
+/**
+ * See https://playwright.dev/docs/test-configuration.
+ */
+const config: PlaywrightTestConfig = {
+  testDir: './tests',
+  /* Maximum time one test can run for. */
+  timeout: 30 * 1000,
+  expect: {
+    /**
+     * Maximum time expect() should wait for the condition to be met.
+     * For example in `await expect(locator).toHaveText();`
+     */
+    timeout: 5000
+  },
+  /* Run tests in files in parallel */
+  fullyParallel: true,
+  /* Fail the build on CI if you accidentally left test.only in the source code. */
+  forbidOnly: !!process.env.CI,
+  /* Retry on CI only */
+  retries: process.env.CI ? 2 : 0,
+  /* Opt out of parallel tests on CI. */
+  workers: process.env.CI ? 1 : undefined,
+  /* Reporter to use. See https://playwright.dev/docs/test-reporters */
+  reporter: 'html',
+  /* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
+  use: {
+    /* Maximum time each action such as `click()` can take. Defaults to 0 (no limit). */
+    actionTimeout: 0,
+    /* Base URL to use in actions like `await page.goto('/')`. */
+    // baseURL: 'http://localhost:3000',
+
+    /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
+    trace: 'on-first-retry',
+  },
+
+  /* Configure projects for major browsers */
+  projects: [
+    {
+      name: 'chromium',
+      use: {
+        ...devices['Desktop Chrome'],
+      },
+    },
+
+    {
+      name: 'firefox',
+      use: {
+        ...devices['Desktop Firefox'],
+      },
+    },
+
+    {
+      name: 'webkit',
+      use: {
+        ...devices['Desktop Safari'],
+      },
+    },
+
+    /* Test against mobile viewports. */
+    // {
+    //   name: 'Mobile Chrome',
+    //   use: {
+    //     ...devices['Pixel 5'],
+    //   },
+    // },
+    // {
+    //   name: 'Mobile Safari',
+    //   use: {
+    //     ...devices['iPhone 12'],
+    //   },
+    // },
+
+    /* Test against branded browsers. */
+    // {
+    //   name: 'Microsoft Edge',
+    //   use: {
+    //     channel: 'msedge',
+    //   },
+    // },
+    // {
+    //   name: 'Google Chrome',
+    //   use: {
+    //     channel: 'chrome',
+    //   },
+    // },
+  ],
+
+  /* Folder for test artifacts such as screenshots, videos, traces, etc. */
+  // outputDir: 'test-results/',
+
+  /* Run your local dev server before starting the tests */
+  // webServer: {
+  //   command: 'npm run start',
+  //   port: 3000,
+  // },
+};
+
+export default config;

apps/dev/nextjs/tests/signin.spec.ts

@@ -0,0 +1,39 @@
+import { test, expect } from "@playwright/test"
+
+test("Sign in with Auth0", async ({ page }) => {
+  // Go to NextAuth example app
+  await page.goto("https://next-auth-example.vercel.app")
+
+  // Click 'Sign In'
+  await page.click("#__next > header > div > p > a")
+
+  // Auth0 Login Provider
+  await page.click('body > div > div form[action*="auth0"] > button')
+
+  // Enter Credentials (Username/Password Login) on Auth0 Widget
+  await page.type("#username", process.env.AUTH0_USERNAME!)
+  await page.type("#password", process.env.AUTH0_PASSWORD!)
+
+  // Snap a screenshot
+  // await page.screenshot({ path: "1-auth0-login.png", fullPage: true })
+
+  // Press submit on Auth0 form
+  await page.click('body > div > main > section > div button[type="submit"]')
+
+  // Wait for next-auth example page login status header to appear
+  await page.waitForTimeout(2000)
+
+  // Snap a screenshot
+  // await page.screenshot({
+  //   path: "2-next-auth-redirect-result.png",
+  //   fullPage: false,
+  // })
+
+  // Check session object after successful login
+  const response = await page.goto(
+    "https://next-auth-example.vercel.app/api/auth/session"
+  )
+  const session = await response?.json()
+  expect(session?.user?.email).toBe(process.env.AUTH0_USERNAME)
+  // TODO: Check whole object with .toEqual()
+})

apps/dev/sveltekit/package.json

@@ -19,8 +19,8 @@
     "vite": "4.0.1"
   },
   "dependencies": {
-    "@auth/core": "latest",
-    "@auth/sveltekit": "latest"
+    "@auth/core": "workspace:*",
+    "@auth/sveltekit": "workspace:*"
   },
   "type": "module"
 }

apps/examples/nextjs/README.md

@@ -1,9 +1,14 @@
-> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/example-nextjs). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/nextjs). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
 
 <p align="center">
    <br/>
-   <a href="https://next-auth.js.org" target="_blank"><img width="150px" src="https://next-auth.js.org/img/logo/logo-sm.png" /></a>
-   <h3 align="center">NextAuth.js Example App</h3>
+   <a href="https://authjs.dev" target="_blank">
+   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
+   </a>
+   <a href="https://nextjs.org" target="_blank">
+   <img height="64" src="https://nextjs.org/static/favicon/android-chrome-192x192.png" />
+   </a>
+   <h3 align="center"><b>NextAuth.js</b> - Example App</h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -25,20 +30,14 @@
 
 ## Overview
 
-NextAuth.js is a complete open source authentication solution.
+NextAuth.js is a complete open-source authentication solution.
 
 This is an example application that shows how `next-auth` is applied to a basic Next.js app.
 
 The deployed version can be found at [`next-auth-example.vercel.app`](https://next-auth-example.vercel.app)
 
-### About NextAuth.js
-
-NextAuth.js is an easy to implement, full-stack (client/server) open source authentication library originally designed for [Next.js](https://nextjs.org) and [Serverless](https://vercel.com). Our goal is to [support even more frameworks](https://github.com/nextauthjs/next-auth/issues/2294) in the future.
-
 Go to [next-auth.js.org](https://next-auth.js.org) for more information and documentation.
 
-> _NextAuth.js is not officially associated with Vercel or Next.js._
-
 ## Getting Started
 
 ### 1. Clone the repository and install dependencies
@@ -98,15 +97,13 @@ npm run start
 
 ### 5. Preparing for Production
 
-Follow the [Deployment documentation](https://next-auth.js.org/deployment)
+Follow the [Deployment documentation](https://authjs.dev/guides/basics/deployment) or deploy the example instantly using [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=next-auth-example)
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/next-auth-example&project-name=next-auth-example&repository-name=next-auth-example)
 
 ## Acknowledgements
 
 <a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
-<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/canary/www/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
+<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
 </a>
-<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire NextAuth.js Team</p>
-
-## License
-
-ISC
+<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>

apps/examples/nextjs/pages/server.tsx

@@ -3,9 +3,10 @@ import { authOptions } from "./api/auth/[...nextauth]"
 import Layout from "../components/layout"
 
 import type { GetServerSidePropsContext } from "next"
-import type { Session } from "next-auth"
+import { useSession } from "next-auth/react"
 
-export default function ServerSidePage({ session }: { session: Session }) {
+export default function ServerSidePage() {
+  const { data: session } = useSession()
   // As this page uses Server Side Rendering, the `session` will be already
   // populated on render without needing to go through a loading stage.
   return (

apps/examples/solid-start/README.MD

@@ -1,37 +0,0 @@
-# Create JD App
-
-This project was created using [Create JD App](https://github.com/OrJDev/create-jd-app)
-
-## Deploying To Vercel
-
-### Installing
-
-```bash
-npm install solid-start-vercel@latest -D
-```
-
-### Adding to vite config
-
-```ts
-import solid from "solid-start/vite";
-import dotenv from "dotenv";
-import { defineConfig } from "vite";
-// @ts-expect-error no typing
-import vercel from "solid-start-vercel";
-  
-export default defineConfig(() => {
-  dotenv.config();
-  return {
-    plugins: [solid({ ssr: true, adapter: vercel({ edge: false }) })],
-  };
-});
-  
-```
-
-### Enviroment Variables
-
-- `ENABLE_VC_BUILD`=`1` .
-
-### You Are Done
-
-Create a github repo and push your code to it, then deploy it to vercel (:

apps/examples/solid-start/README.md

@@ -0,0 +1,85 @@
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/solid-start). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+
+<p align="center">
+   <br/>
+   <a href="https://authjs.dev" target="_blank">
+   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
+   </a>
+   <a href="https://start.solidjs.com" target="_blank">
+   <img height="64" src="https://www.solidjs.com/assets/logo-123b04bc.svg" />
+   </a>
+   <h3 align="center"><b>SolidStart Auth</b> - Example App</h3>
+   <p align="center">
+   Open Source. Full Stack. Own Your Data.
+   </p>
+   <p align="center" style="align: center;">
+      <a href="https://npm.im/@auth/solid-start">
+        <img alt="npm" src="https://img.shields.io/npm/v/@auth/solid-start?color=green&label=@auth/solid-start&style=flat-square">
+      </a>
+      <a href="https://bundlephobia.com/result?p=@auth/solid-start">
+        <img src="https://img.shields.io/bundlephobia/minzip/@auth/solid-start?label=size&style=flat-square" alt="Bundle Size"/>
+      </a>
+      <a href="https://www.npmtrends.com/@auth/solid-start">
+        <img src="https://img.shields.io/npm/dm/@auth/solid-start?label=downloads&style=flat-square" alt="Downloads" />
+      </a>
+      <a href="https://npm.im/@auth/solid-start">
+        <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
+      </a>
+   </p>
+</p>
+
+## Overview
+
+This is the official SolidStart Auth example for [Auth.js](https://authjs.dev).
+
+
+## Getting started
+
+You can follow the guide below, or click the following button to deploy this example to [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=solid-start-auth-example).
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/solid-start-auth-example&project-name=solid-start-auth-example&repository-name=solid-start-auth-example)
+
+### Installing
+
+```sh
+pnpm add -D solid-start-vercel
+```
+```sh
+npm i -D solid-start-vercel
+```
+```sh
+yarn add -D solid-start-vercel
+```
+
+### Adding to Vite config
+
+```ts
+import solid from "solid-start/vite";
+import dotenv from "dotenv";
+import { defineConfig } from "vite";
+// @ts-expect-error no typing
+import vercel from "solid-start-vercel";
+  
+export default defineConfig(() => {
+  dotenv.config();
+  return {
+    plugins: [solid({ ssr: true, adapter: vercel({ edge: false }) })],
+  };
+});
+  
+```
+
+### Environment Variables
+
+- `ENABLE_VC_BUILD`=`1` .
+
+### Finishing up
+
+Create a GitHub repo and push the code to it, then deploy it to Vercel.
+
+## Acknowledgements
+
+<a href="https://vercel.com?utm_source=nextauthjs&utm_campaign=oss">
+<img width="170px" src="https://raw.githubusercontent.com/nextauthjs/next-auth/main/docs/static/img/powered-by-vercel.svg" alt="Powered By Vercel" />
+</a>
+<p align="left">Thanks to Vercel sponsoring this project by allowing it to be deployed for free for the entire Auth.js Team</p>

apps/examples/solid-start/package.json

@@ -17,7 +17,7 @@
     "vite": "^3.1.0"
   },
   "dependencies": {
-    "@auth/core": "^0.1.4",
+    "@auth/core": "latest",
     "@solid-auth/next": "^0.0.19",
     "@solidjs/meta": "^0.28.0",
     "@solidjs/router": "^0.6.0",

apps/examples/solid-start/src/routes/protected.tsx

@@ -3,7 +3,7 @@ import { Protected } from "~/components";
 export const { routeData, Page } = Protected((session) => {
   return (
     <main class="flex flex-col gap-2 items-center">
-      <h1>This is a proteced route</h1>
+      <h1>This is a protected route</h1>
     </main>
   );
 });

apps/examples/sveltekit/README.md

@@ -1,9 +1,14 @@
-> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/example-sveltekit). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
+> The example repository is maintained from a [monorepo](https://github.com/nextauthjs/next-auth/tree/main/apps/examples/sveltekit). Pull Requests should be opened against [`nextauthjs/next-auth`](https://github.com/nextauthjs/next-auth).
 
 <p align="center">
    <br/>
-   <a href="https://authjs.dev" target="_blank"><img width="150px" src="https://authjs.dev/img/logo/logo-sm.png" /></a>
-   <h3 align="center">Auth.js Example App with <a href="https://kit.svelte.dev">SvelteKit</a></h3>
+   <a href="https://authjs.dev" target="_blank">
+   <img height="64" src="https://authjs.dev/img/logo/logo-sm.png" />
+   </a>
+   <a href="https://kit.svelte.dev" target="_blank">
+   <img height="64" src="https://upload.wikimedia.org/wikipedia/commons/1/1b/Svelte_Logo.svg" />
+   </a>
+   <h3 align="center"><b>SvelteKit Auth</b> - Example App</h3>
    <p align="center">
    Open Source. Full Stack. Own Your Data.
    </p>
@@ -11,18 +16,24 @@
       <a href="https://npm.im/@auth/sveltekit">
         <img alt="npm" src="https://img.shields.io/npm/v/@auth/sveltekit?color=green&label=@auth/sveltekit&style=flat-square">
       </a>
-      <a href="https://bundlephobia.com/result?p=sveltekit-auth-example">
+      <a href="https://bundlephobia.com/result?p=@auth/sveltekit">
         <img src="https://img.shields.io/bundlephobia/minzip/@auth/sveltekit?label=size&style=flat-square" alt="Bundle Size"/>
       </a>
       <a href="https://www.npmtrends.com/@auth/sveltekit">
-        <img src="https://img.shields.io/npm/dm/@auth/sveltekit?label=%20downloads&style=flat-square" alt="Downloads" />
+        <img src="https://img.shields.io/npm/dm/@auth/sveltekit?label=downloads&style=flat-square" alt="Downloads" />
       </a>
-      <a href="https://npm.im/next-auth">
+      <a href="https://npm.im/@auth/sveltekit">
         <img src="https://img.shields.io/badge/TypeScript-blue?style=flat-square" alt="TypeScript" />
       </a>
    </p>
 </p>
 
-# Documentation
+## Overview
 
-- [sveltekit.authjs.dev](https://sveltekit.authjs.dev)
+This is the official SvelteKit Auth example for [Auth.js](https://sveltekit.authjs.dev).
+
+## Getting started
+
+You can instantly deploy this example to [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=sveltekit-auth-example) by clicking the following button.
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/nextauthjs/sveltekit-auth-example&project-name=sveltekit-auth-example&repository-name=sveltekit-auth-example)

apps/examples/sveltekit/src/routes/+layout.svelte

@@ -20,10 +20,10 @@
                 $page.data.session.user?.name}</strong
             >
           </span>
-          <a href="/auth/signout" class="button">Sign out</a>
+          <a href="/auth/signout" class="button" data-sveltekit-preload-data="off">Sign out</a>
         {:else}
           <span class="notSignedInText">You are not signed in</span>
-          <a href="/auth/signin" class="buttonPrimary">Sign in</a>
+          <a href="/auth/signin" class="buttonPrimary" data-sveltekit-preload-data="off">Sign in</a>
         {/if}
       </p>
     </div>

apps/playgrounds/gatsby/README.md

@@ -22,7 +22,7 @@
 
 ## Overview
 
-Auth.js is a complete open source authentication solution.
+Auth.js is a complete open-source authentication solution.
 
 This is an example application that shows how `@auth/core` is applied to a basic Gatsby app. We are showing how to configure the backend both as a [Vercel Function](https://vercel.com/docs/concepts/functions/introduction) for deployment to Vercel, and also for [Gatsby Functions](https://www.gatsbyjs.com/docs/reference/functions) for other platforms.
 
@@ -30,7 +30,7 @@ The deployed version can be found at [`next-auth-gatsby-example.vercel.app`](htt
 
 ### About Auth.js
 
-Auth.js is an easy to implement, full-stack (client/server) open source authentication library originally designed for [Next.js](https://nextjs.org) and [Serverless](https://vercel.com), but this example shows how to use it in a Gatsby project. Our goal is to [support even more frameworks](https://github.com/nextauthjs/next-auth/issues/2294) in the future.
+Auth.js is an easy-to-implement, full-stack (client/server) open-source authentication library originally designed for [Next.js](https://nextjs.org) and [Serverless](https://vercel.com), but this example shows how to use it in a Gatsby project. Our goal is to [support even more frameworks](https://github.com/nextauthjs/next-auth/issues/2294) in the future.
 
 Go to [authjs.dev](https://authjs.dev) for more information and documentation.
 

apps/playgrounds/gatsby/package.json

@@ -12,7 +12,7 @@
   "dependencies": {
     "dotenv": "^16.0.0",
     "gatsby": "next",
-    "next-auth": "latest",
+    "next-auth": "workspace:*",
     "react": "^18",
     "react-dom": "^18"
   },

apps/playgrounds/nuxt/package.json

@@ -2,11 +2,10 @@
   "name": "playground-nuxt",
   "private": true,
   "scripts": {
-    "build": "nuxt build",
-    "dev": "export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
+    "build": "nuxt prepare && nuxt build",
+    "dev": "nuxt prepare &&  export NODE_OPTIONS='--no-experimental-fetch' && nuxt dev",
     "generate": "nuxt generate",
-    "preview": "nuxt preview",
-    "postinstall": "nuxt prepare"
+    "preview": "nuxt preview"
   },
   "devDependencies": {
     "@nuxt/eslint-config": "^0.1.1",

docs/docs/getting-started/01-introduction.md

@@ -5,52 +5,40 @@ sidebar_position: 0
 
 ## About Auth.js
 
-Auth.js is a complete open-source authentication solution for [Next.js](http://nextjs.org/) applications.
+Auth.js is a complete open-source authentication solution for web applications. Check out the live demos of Auth.js in action:
 
-It is designed from the ground up to support Next.js and Serverless.
+- [Next.js](https://next-auth-example.vercel.app/)
+- [SvelteKit](https://sveltekit-auth-example.vercel.app/)
+- [SolidStart](https://auth-solid.vercel.app/)
 
-Check our tutorials to see how easy it is to use Auth.js for authentication:
+Continue to our tutorials to see how to use Auth.js for authentication:
 
 - [Setup with OAuth](/getting-started/oauth-tutorial)
 - [Setup with magic links](/getting-started/email-tutorial)
 - [Integrating with external auth](/getting-started/credentials-tutorial)
 
-### Flexible and easy to use
+### Battery included
 
-- Designed to work with any OAuth service, it supports OAuth 1.0, 1.0A, 2.0 and OpenID Connect
-- Built-in support for [many popular sign-in services](/reference/providers/oauth-builtin)
-- Supports [email / passwordless authentication](/getting-started/email-tutorial)
-- Supports stateless authentication with [any backend](/getting-started/credentials-tutorial) (Active Directory, LDAP, etc)
-- Supports both JSON Web Tokens and database sessions
-- Designed for Serverless but runs anywhere (AWS Lambda, Docker, Heroku, etc…)
+- Built in support for 60+ popular services (Google, Facebook, Auth0, Apple…)
+- Built-in email/password-less/magic link
+- Use with any OAuth 2 or OpenID Connect provider
+- Use with any username/password store
 
-### Own your own data
+### Flexible
+- Runtime agnostic - run anywhere! Vercel Edge Functions, Node.js, Serverless, etc.
+- Use with any modern framework! Next.js, SolidStart, SvelteKit, etc.
+- [Bring Your Own Database](/getting-started/databases) - or none! MySQL, Postgres, MSSQL, MongoDB, etc. Choose database sessions or JWT.
 
-Auth.js can be used with or without a database.
-
-- An open-source solution that allows you to keep control of your data
-- Supports Bring Your Own Database (BYOD) and can be used with any database
-- Built-in support for [MySQL, MariaDB, Postgres, SQL Server, MongoDB and SQLite](/getting-started/databases)
-- Works great with databases from popular hosting providers
-- Can also be used _without a database_ (e.g. OAuth + JWT)
-
-_Note: Email sign-in requires a database to be configured to store single-use verification tokens._
+_Note: Email sign-in requires a database to store single-use verification tokens._
 
 ### Secure by default
-
-- Promotes the use of passwordless sign-in mechanisms
-- Designed to be secure by default and encourage best practices for safeguarding user data
-- Uses Cross-Site Request Forgery Tokens on POST routes (sign in, sign out)
-- Default cookie policy aims for the most restrictive policy appropriate for each cookie
-- When JSON Web Tokens are enabled, they are encrypted by default (JWE) with A256GCM
-- Auto-generates symmetric signing and encryption keys for developer convenience
-- Features tab/window syncing and keepalive messages to support short-lived sessions
-- Attempts to implement the latest guidance published by [Open Web Application Security Project](https://owasp.org/)
-
-Advanced options allow you to define your own routines to handle controlling what accounts are allowed to sign in, for encoding and decoding JSON Web Tokens and to set custom cookie security policies and session properties, so you can control who can sign in and how often sessions have to be re-validated.
+- Signed, prefixed, server-only cookies
+- Built-in CSRF protection
+- Doesn't rely on client-side JavaScript
+- JWT with JWS / JWE / JWK.
 
 ## Credits
 
 Auth.js is an open-source project that is only possible [thanks to contributors](/contributors).
 
-If you would like to financially support the development of Auth.js, you can find more information on our [OpenCollective](https://opencollective.com/nextauth) page.
+To financially support the development of Auth.js, you can check our [OpenCollective](https://opencollective.com/nextauth) page. We appreciate your support 💚.

docs/docs/getting-started/02-oauth-tutorial.mdx

@@ -8,28 +8,43 @@ import gettingClientIdSecretImg from "./img/getting-started-oauth-clientid-secre
 import startAppAndSignInImg from "./img/getting-started-app-start.png"
 import githubAuthCredentials from "./img/getting-started-github-auth.png"
 import nextAuthUserLoggedIn from "./img/getting-started-nextauth-success.png"
+import Tabs from "@theme/Tabs"
+import TabItem from "@theme/TabItem"
 
-We know, authentication is hard. Is a rabbit hole and it's easy to get lost on it. The goal of making Auth.js is that you can add authentication easily to your project with just a few lines of code.
+The goal of Auth.js is that you can add authentication easily to your project with just a few lines of code.
 
-The easiest way is to setup Auth.js with an [OAuth](https://en.wikipedia.org/wiki/OAuth) provider. In this tutorial we'll be setting Auth.js in a **Next.js app** to be able to login with **Github**.
+The fastest way to set up Auth.js is with an [OAuth](/concepts/oauth) provider. In this tutorial, we'll be setting Auth.js in a web application to be able to log in with **GitHub**.
 
 :::info
-Auth.js comes with a long list of [built-in providers](/reference/providers/oauth-builtin) (Google, Facebook, Twitter, etc...) you can also integrate it with your own OAuth service easily by [building a custom provider](/guides/providers/custom-provider). Auth.js can integrate as well with other frameworks like SvelteKit, SolidStart and Gatsby.
+Auth.js comes with a list of [built-in providers](/reference/providers/oauth-builtin) (Google, Facebook, Twitter, etc.). You can also integrate it with your OAuth service by [building a custom provider](/guides/providers/custom-provider).
 :::
 
 ## 1. Configuring Auth.js
 
+To add Auth.js to your project:
+
+<Tabs groupId="frameworks" queryString>
+  <TabItem value="next" label="Next.js" default>
+
+### Prerequisites
+
+This tutorial assumes you have a Next.js application set up. If you don't, you can follow the [Next.js tutorial](https://nextjs.org/learn/basics/create-nextjs-app) to get started.
+
+### Installing NextAuth.js
+
+```bash npm2yarn
+npm install next-auth
+```
+
+:::info
+We are working on a new `@auth/nextjs` package that will make it easier to set up Auth.js with Next.js. Stay tuned! For now, you can use the `next-auth` package.
+:::
+
 ### Creating the server config
 
-To add Auth.js to a [**Next.js**](https://nextjs.org/) project, create the following [API route](https://nextjs.org/docs/api-routes/introduction):
+Create the following [API route](https://nextjs.org/docs/api-routes/dynamic-api-routes#catch-all-api-routes) file. This route contains the necessary configuration for NextAuth.js, as well as the dynamic route handler:
 
-```
-pages/api/auth/[...nextauth].ts
-```
-
-This route will contain the **dynamic route handler** for Auth.js which describes your global auth configuration:
-
-```ts title="pages/api/auth/[...nextauth].js"
+```ts title="pages/api/auth/[...nextauth].ts"
 import NextAuth from "next-auth"
 import GithubProvider from "next-auth/providers/github"
 
@@ -43,16 +58,33 @@ export default NextAuth({
 })
 ```
 
-Behind the scenes this creates all the relevant OAuth API routes within `/api/auth/*` so that auth API requests to:
+:::info
 
-- `/api/auth/callback`
-- `/api/auth/signIn`
-- `/api/auth/signOut`
-- etc...
+Behind the scenes, this creates all the relevant OAuth API routes within `/api/auth/*` so that auth API requests to:
 
-can be handled by Auth.js. In this way, Auth.js stays in charge of handling the whole authentication request/response flow of your application for you.
+- [GET `/api/auth/signin`](https://authjs.dev/reference/rest-api#get--apiauthsignin)
+- [POST `/api/auth/signin/:provider`](https://authjs.dev/reference/rest-api#post--apiauthsigninprovider)
+- [GET/POST `/api/auth/callback/:provider`](https://authjs.dev/reference/rest-api#get--post--apiauthcallbackprovider)
+- [GET `/api/auth/signout`](https://authjs.dev/reference/rest-api#get--apiauthsignout)
+- [POST `/api/auth/signout`](https://authjs.dev/reference/rest-api#post--apiauthsignout)
+- [GET `/api/auth/session`](https://authjs.dev/reference/rest-api#get--apiauthsession)
+- [GET `/api/auth/csrf`](https://authjs.dev/reference/rest-api#get--apiauthcsrf)
+- [GET `/api/auth/providers`](https://authjs.dev/reference/rest-api#get--apiauthproviders)
 
-You may notice there are some environment variables in the code example above. `GITHUB_ID` and `GITHUB_SECRET` are provided by the OAuth provider (in this case **Github**) see ["Configuring OAuth Provider"](/getting-started/oauth-tutorial#2-configuring-oauth-provider) section on how to get those.
+can be handled by NextAuth.js. In this way, NextAuth.js stays in charge of the whole application's authentication request/response flow.
+
+NextAuth.js is fully customizable - [our guides section](/guides/overview) teaches you how to set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/configuration/auth-config).
+:::
+
+### Adding environment variables
+
+You may notice we are using environment variables in the code example above. We take the value of `GITHUB_ID` and `GITHUB_SECRET` from the GitHub Developer OAuth Portal. See [Configuring OAuth Provider](/getting-started/oauth-tutorial#2-configuring-oauth-provider) section on how to get those.
+
+In your project root, create a `.env.local` file and add the `NEXTAUTH_SECRET` environment variable:
+
+```title=".env.local"
+NEXTAUTH_SECRET="This is an example"
+```
 
 `NEXTAUTH_SECRET` is a random string used by the library to encrypt tokens and email verification hashes, and **it's mandatory to keep things secure**! 🔥 🔐 . You can use:
 
@@ -62,15 +94,11 @@ $ openssl rand -base64 32
 
 or https://generate-secret.vercel.app/32 to generate a random value for it.
 
-:::info
-Auth.js is extremely customizable, [our guides section](/guides/overview) will teach you how you can set it up to handle auth in different ways. All the possible configuration options are [listed here](/reference/configuration/auth-config).
-:::
+### Exposing the session via `SessionProvider`:
 
-### Exposing the session via provider
+NextAuth.js provides [`useSession()`](/reference/react/#usesession) - a [React Hooks](https://reactjs.org/docs/hooks-intro.html) to access the session data and status. To use it first you'll need to expose the session context - [`<SessionProvider />`](/reference/react/#sessionprovider) - at the top level of your application:
 
-To be able to use `useSession` first you'll need to expose the session context, [`<SessionProvider />`](/reference/react/#sessionprovider), at the top level of your application:
-
-```ts title="pages/_app.ts"
+```ts title="pages/_app.tsx"
 import { SessionProvider } from "next-auth/react"
 
 export default function App({
@@ -85,7 +113,7 @@ export default function App({
 }
 ```
 
-Instances of `useSession` (more on it in the next section) will then have access to the session data and status. The `<SessionProvider />` also takes care of keeping the session updated and synced between browser tabs and windows. 💪🏽
+Instances of `useSession` (more on it in the next section) will have access to the session data and status. The `<SessionProvider />` also keep the session updated and synced between browser tabs and windows. 💪🏽
 
 :::tip
 Check our [client docs](/reference/react/) to learn all the available options for handling sessions on the browser.
@@ -93,14 +121,14 @@ Check our [client docs](/reference/react/) to learn all the available options fo
 
 ### Consuming the session via hooks
 
-Auth.js exposes a [`useSession()`](/reference/react/#usesession) React Hook so that you can easily check if someone is signed in:
+You can use the `useSession` hook from anywhere in your application (E.g. in a header component). Behind the scenes, the hook will connect to the `<SessionProvider />` to read the current user session. Learn more about React Context in the [React docs](https://reactjs.org/docs/context.html).
 
 ```ts title="pages/overview.tsx"
 import { useSession, signIn, signOut } from "next-auth/react"
 
 export default function CamperVanPage() {
   const { data: session, status } = useSession()
-  const userEmail = session?.user.email;
+  const userEmail = session?.user.email
 
   if (status === "loading") {
     return <p>Hang on there...</p>
@@ -119,23 +147,22 @@ export default function CamperVanPage() {
   return (
     <>
       <p>Not signed in.</p>
-      <button onClick={() => signIn()}>Sign in</button>
+      <button onClick={() => signIn("github")}>Sign in</button>
     </>
   )
 }
 ```
 
-You can use the `useSession` hook from anywhere in your application (e.g. in a header component). Behind the scenes, the hook will connect to the `<SessionProvider />` to read the current user session.
-
 ### Protecting API Routes
 
-Protecting your custom API Routes (.i.e not allowing a resource to be accessed in case the user is not logged in) is easy! You can use [`getSession()`](/reference/utilities/#getsession) to know whether a session exists or not:
+To protect your API Routes (blocking unauthorized access to resources), you can use [`getServerSession()`](/reference/nextjs#getserversession) to know whether a session exists or not:
 
 ```ts title="pages/api/movies/list.ts"
-import { getSession } from "next-auth/react"
+import { getServerSession } from "next-auth/next"
+import { authOptions } from "../auth/[...nextauth]"
 
 export default async function listMovies(req, res) {
-  const session = await getSession({ req })
+  const session = await getServerSession(req, res, authOptions)
 
   if (session) {
     res.send({
@@ -152,21 +179,33 @@ export default async function listMovies(req, res) {
 }
 ```
 
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+TODO: SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+TODO: SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+TODO Core
+  </TabItem>
+</Tabs>
+
 ## 2. Configuring OAuth Provider
 
-Ok, we have our Next.js app setup with NextAuth, however, if you run the app right now, it won't work as we haven't configured our OAuth provider (**Github**) yet.
+Ok, we have our app set up with NextAuth.js, however, if you run the app right now, it won't work as we haven't configured our OAuth provider (**GitHub**) yet.
 
 :::info
-When using OAuth you're asking for a third-party service (in this case Github, although it could be Google, Twitter, etc...) to handle user authentication for your app.
+When using OAuth you're asking for a third-party service (in this case GitHub, although it could be Google, Twitter, etc...) to handle user authentication for your app.
 :::
 
-We need to register our new Next.js app in Github, so that when Auth.js forwards the authorization requests to it, Github can recognize your application and prompt the user to sign in.
+We need to register our new app in GitHub, so that when NextAuth.js forwards the authorization requests to it, GitHub can recognize your application and prompt the user to sign in.
 
 <img src={creatingOauthAppImg} />
 
-Log in into **Github**, go to `Settings / Developers / OAuth Apps` and click on "New OAuth App".
+Log in to **GitHub**, go to [`Settings / Developers / OAuth Apps`](https://github.com/settings/developers) and click "New OAuth App"
 
-Next you'll be presented with a screen to add details about your new application. Fill in the required fields, but pay extra attention to the **Authorization Callback URL** one:
+Next, you'll be presented with a screen to add details about your new application. Fill in the required fields, but pay extra attention to the **Authorization Callback URL** one:
 
 <img src={addingCallbackUrlImg} />
 
@@ -176,37 +215,54 @@ The callback URL we insert should have the following pattern:
 [origin]/api/auth/callback/[provider]
 ```
 
-In this case, given we want to try our authentication working locally on our machine and we're using **Github** as our OAuth provider, it'll be:
+In this case, given we want to try our authentication working locally on our machine and we're using **GitHub** as our OAuth provider, it'll be:
+
+<Tabs groupId="frameworks">
+  <TabItem value="next" label="Next.js" default>
 
 ```
 http://localhost:3000/api/auth/callback/github
 ```
 
 :::info
-Auth.js will already magically create this API endpoint for you when we start the application later. Note that because we're using Next.js, locally it starts our server on the port `3000`, hence the origin is `http://localhost:3000`.
+NextAuth.js will already create this API endpoint for you when we start the application later. Note that because we're using Next.js, locally it starts our server on port `3000` by default. Hence, the origin is `http://localhost:3000`.
 :::
 
-Next you'll be presented with the following screen which presents all the configuration for your new OAuth app. For now, let's we need two things from it: the **Client ID** and **Client Secret** for our new OAuth app:
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+
+```
+http://localhost:5173/auth/callback/github
+```
+
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+    TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+TODO Core
+  </TabItem>
+</Tabs>
+:::info
+The last part of the URL, `[provider]`, is the ID of the provider you're using. In this case, we're using GitHub, so it's `github`. If you're using Google, it'll be `google`, etc... We keep track of the provider IDs internally.
+The same id is used in the `signIn()` method we saw earlier.
+:::
+To register, tap on "Register application" button.
+
+The next screen shows all the configurations for your newly created OAuth app. For now, we need two things from it - the **Client ID** and **Client Secret**:
 
 <img src={gettingClientIdSecretImg} />
 
-The Client ID is always there, a public identifier of your OAuth application within Github. Click on the **Generate a new client Secret** button and should be presented with a new string (which is just a randomized string).
+The Client ID is always there, a public identifier of your OAuth application within GitHub. Click on the **Generate a new client Secret** button and should be presented with a new string (which is just a randomized string).
 
 :::warning
-🔥 Keep both your Client ID and Client Secret secure and never expose them to the public or shared with people outside your organization. With tem a malicious actor could hijack your application and cause you and your user serious problems!
+Keep both your Client ID and Client Secret secure and never expose them to the public or share them with people outside your organization. With them, a malicious actor could hijack your application and cause you and your user serious problems!
 :::
 
-Now let's copy both the Client ID and Client Secret and paste them in an environment file in the root of your project like so:
-
-```title=".env.local"
-GITHUB_ID=12345
-GITHUB_SECRET=67890
-```
-
-Cool! We have finished the configuring our OAuth provider, now let's wire all together so we can finally see authentication working in our app!
+Cool! We have finished configuring our OAuth provider, now let's wire all together so we can finally see authentication working in our app!
 
 :::info
-As noted previously, Auth.js has built-in support for multiple OAuth providers, <a href="">here the full list</a>. You can also easily build your own in case the provider you need is not on the list.
+As noted previously, NextAuth.js has built-in support for multiple OAuth providers, <a href="">here is the full list</a>. You can also easily build your own in case the provider you need is not on the list.
 
 Note that, for each provider, the configuration process will be similar to what we just did:
 
@@ -214,13 +270,25 @@ Note that, for each provider, the configuration process will be similar to what
 2. Create create your OAuth application within it
 3. Set the callback URL
 4. Get the Client ID and Generate a Client Secret
-   :::
+:::
 
 ## 3. Wiring all together
 
-Finally, we just need to reference our **Client ID** and **Client Secret** we just generated in the previous in our Auth.js config. In this way the library will be able to use them when forwarding users to Github, and Github will be able to recognize the request as generated from our application:
+Finally, we just need to reference our **Client ID** and **Client Secret** we just generated in the previous in our Auth.js config. In this way, the library will be able to use them when forwarding users to GitHub, and GitHub will be able to recognize the request as generated from our application.
 
-```ts title="pages/api/auth/[...nextauth].js"
+Now let's copy both the Client ID and Client Secret and paste them into an environment file in the root of your project like so:
+
+```title=".env.local"
+GITHUB_ID=12345
+GITHUB_SECRET=67890
+```
+
+Here is our server configuration file again:
+
+<Tabs groupId="frameworks">
+  <TabItem value="next" label="Next.js" default>
+
+```ts title="pages/api/auth/[...nextauth].ts"
 import NextAuth from "next-auth"
 import GithubProvider from "next-auth/providers/github"
 
@@ -240,50 +308,52 @@ Great! We're now ready to run our application locally. Start the Next.js app by
 $ npm run next dev
 ```
 
+  </TabItem>
+  <TabItem value="sveltekit" label="SvelteKit">
+TODO SvelteKit
+  </TabItem>
+  <TabItem value="solidstart" label="SolidStart">
+TODO SolidStart
+  </TabItem>
+  <TabItem value="core" label="Vanilla (No Framework)">
+TODO Core
+  </TabItem>
+</Tabs>
+
 You should see the following page:
 
 <img src={startAppAndSignInImg} />
 
-Click on "Sign in" and then on "Sign in with Github": Auth.js will redirect you to Github, and Github will recognize our app [that we just registered](#2-configuring-oauth-provider) and ask the user (in this case you) to enter its credentials to proceed:
+Click on "Sign in" and then on "Sign in with GitHub": Auth.js will redirect you to GitHub, and GitHub will recognize our app [that we just registered](#2-configuring-oauth-provider) and ask the user (in this case you) to enter its credentials to proceed:
 
 <img src={githubAuthCredentials} />
 
-Once inserted and correct, Github will redirect the user to our app and Auth.js will take care of any further calls with Github to get access to the user profile and start a user sessions safely in the background:
+Once inserted and correct, GitHub will redirect the user to our app and NextAuth.js will take care of any further calls with GitHub to get access to the user profile and start a user session safely in the background:
 
 <img src={nextAuthUserLoggedIn} />
 
-Great! We have completed the whole E2E authentication flow setup so that users can login in our application through Github!
-
-:::info
-You can create your own Sign In page instead of using the default one from Auth.js. You can learn how to do so in our dedicated guide for it.
-:::
+Great! We have completed the whole E2E authentication flow setup so that users can log in to our application through GitHub!
 
 ## 4. Deploying to production
 
 ### Configuring different environments
 
-It's normal to test your application under different environments. Usually you'll have a development environment (when you run the application locally in your machine), a staging environment (for teams members to try the application) and a production environment.
+It's normal to test your application in different environments. Usually, you'll have a development environment (when you run the application locally on your machine), a staging environment (for team members to try the application), and a production environment.
 
-For each environment, you're going to need to create an OAuth application in your provider respectively, as [we did previously](#2-configuring-oauth-provider), and point the **callback URL** to it.
+For each environment, you need to create an OAuth application in your provider respectively, as [we did previously](#2-configuring-oauth-provider), and point the **callback URL** to it.
 
-For instance in the previous section, we pointed the callback URL to:
+For instance, in the previous section, we pointed the callback URL to `http://localhost:3000/api/auth/callback/github` as we wanted to test our application in the development environment.
 
-```
-http://localhost:3000/api/auth/callback/github
-```
+If we were to deploy our app to production, we would need to create a new **OAuth App** in GitHub (calling it something like "Van life – prod") and point the **callback URL** to our production domain: `https://example.com/api/auth/callback/github`
 
-as we wanted to test our application in the development environment.
-
-If we were to deploy our app to production, we would need to create again a new **OAuth App** in Github (calling it something like "Van life – prod") and point the **callback URL** to our production domain:
-
-```
-https://example.com/api/auth/callback/github
-```
-
-Finally, we would need just to point the environment variables we set ( `GITHUB_ID` and `GITHUB_SECRET` ) to the credentials of the OAuth app we want our application to run against.
+Finally, we would need to point the environment variables we set ( `GITHUB_ID` and `GITHUB_SECRET` ) to the credentials of the OAuth app we want our application to run with.
 
 ### Setting up `NEXTAUTH_URL`
 
+:::tip
+Skip this section if you are deploying to Vercel.
+:::
+
 When deploying your site, **you need to set** the `NEXTAUTH_URL` environment variable to the canonical URL of your website:
 
 ```

docs/docs/getting-started/03-email-tutorial.mdx

@@ -37,7 +37,7 @@ npm install -D nodemailer
 Next we need a [SMTP service](https://sendgrid.com/blog/what-is-an-smtp-server/) which will be in charge of sending emails from our application. There's a number of services available for this, however [here are the ones](http://nodemailer.com/smtp/well-known/) known to work with `nodemailer`.
 
 :::info
-For this tutorial, we're gonna be using [Sendgrid](https://sendgrid.com/), but any of the services linked above should work the same
+For this tutorial, we're going to be using [Sendgrid](https://sendgrid.com/), but any of the services linked above should work the same
 :::
 
 First create an account in and then login to the dashboard, then navigate to "Settings → API Keys" and create an API key:
@@ -60,7 +60,7 @@ SMTP_PORT=587
 EMAIL_FROM={SENDER_EMAIL}
 ```
 
-Note that we're also specifying from which domain email are going to be sent from. You're gonna need to verify [a sender identity](https://docs.sendgrid.com/for-developers/sending-email/sender-identity) so that Sendgrid can send emails from your domain.
+Note that we're also specifying from which domain email are going to be sent from. You're going to need to verify [a sender identity](https://docs.sendgrid.com/for-developers/sending-email/sender-identity) so that Sendgrid can send emails from your domain.
 
 Nice! We're getting there. Now we need to read supply this values as the configuration for our Email Provider. Open `pages/api/auth/[...nextauth].ts` and do the following:
 
@@ -72,11 +72,11 @@ export default NextAuth({
   providers: [
     Email({
       server: {
-        host: process.env.EMAIL_SERVER_HOST,
-        port: Number(process.env.EMAIL_SERVER_PORT),
+        host: process.env.SMTP_HOST,
+        port: Number(process.env.SMTP_PORT),
         auth: {
-          user: process.env.EMAIL_SERVER_USER,
-          pass: process.env.EMAIL_SERVER_PASSWORD,
+          user: process.env.SMTP_USER,
+          pass: process.env.SMTP_PASSWORD,
         },
       },
       from: process.env.EMAIL_FROM,
@@ -147,8 +147,8 @@ import EmailProvider from "next-auth/providers/email"
 
 export default NextAuth({
   secret: process.env.NEXTAUTH_SECRET,
++ adapter: MongoDBAdapter(clientPromise),
   providers: [
-+   adapter: MongoDBAdapter(clientPromise),
     EmailProvider({
       server: {
         host: process.env.EMAIL_SERVER_HOST,
@@ -170,7 +170,7 @@ Now that everything is properly configured, let's try to sign in via email on ou
 
 Let's start by running a Next.js application with NextAuth, making sure the **EmailProvider** and a Database Adapter are properly configured as per the instructions above.
 
-For this tutorial we're gonna be using NextAuth example app. Launch the app and click on "Sign in", we're redirected to the Sign In page:
+For this tutorial we're going to be using NextAuth example app. Launch the app and click on "Sign in", we're redirected to the Sign In page:
 
 <img src={startPageImg} alt="Screenshot of sign in page" />
 
@@ -188,7 +188,7 @@ Let's now check our email, and look for one sent from NextAuth (check your spam
 
 <img src={mailboxImg} alt="Screenshot of mailbox" />
 
-Nice! We got one, coming from the sender specified in the `EMAIL_FROM` environment variable from our configuration above and that's is the sender we verified in Sengrid.
+Nice! We got one, coming from the sender specified in the `EMAIL_FROM` environment variable from our configuration above and that's is the sender we verified in Sendgrid.
 
 Click on "Sign in" and a new browser tab will open, you should then land on your application as authenticated!
 

docs/docs/getting-started/05-typescript.md

@@ -5,7 +5,7 @@ title: TypeScript
 Auth.js has its own type definitions to use in your TypeScript projects safely. Even if you don't use TypeScript, IDEs like VSCode will pick this up to provide you with a better developer experience. While you are typing, you will get suggestions about what certain objects/functions look like, and sometimes links to documentation, examples, and other valuable resources.
 
 Check out the example repository showcasing how to use `next-auth` on a Next.js application with TypeScript:  
-https://github.com/nextauthjs/next-auth-typescript-example
+https://github.com/nextauthjs/next-auth-example
 
 ---
 

docs/docs/guides/03-basics/pages.md

@@ -60,7 +60,7 @@ Example: `/auth/signin?error=Default`
 
 By default, the built-in pages will follow the system theme, utilizing the [`prefer-color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme) Media Query. You can override this to always use a dark or light theme, through the [`theme.colorScheme` option](/reference/configuration/auth-config#theme).
 
-In addition, you can define a `theme.brandColor` to define a custom accent color for these built-in pages. You can also define a URL to a logo in `theme.logo` which will be rendered above the primary card in these pages.
+In addition, you can define the background color and text color of the button with the `theme.brandColor` and `theme.buttonText` options. You can also define a URL to a logo in `theme.logo` which will be rendered at the top of the card.
 
 #### Sign In
 

docs/docs/guides/03-basics/refresh-token-rotation.md

@@ -2,119 +2,203 @@
 title: Refresh token rotation
 ---
 
-While Auth.js doesn't automatically handle access token rotation for [OAuth providers](/reference/providers/oauth-builtin) yet, this functionality can be implemented using [callbacks](/guides/basics/callbacks).
+Refresh token rotation is the practice of updating an `access_token` on behalf of the user, without requiring interaction (eg.: re-sign in). `access_token`s are usually issued for a limited time. After they expire, the service verifying them will ignore the value. Instead of asking the user to sign in again to obtain a new `access_token`, certain providers support exchanging a `refresh_token` for a new `access_token`, renewing the expiry time. Let's see how this can be achieved.
 
-## Source Code
-
-A working example can be accessed [here](https://github.com/nextauthjs/next-auth-refresh-token-example).
+:::note
+Our goal is to add zero-config support for built-in providers eventually. Let us know if you would like to help.
+:::
 
 ## Implementation
 
+First, make sure that the provider you want to use supports `refresh_token`'s. Check out [The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749#section-6) spec for more details.
+
 ### Server Side
 
-Using a [JWT callback](https://authjs.dev/guides/basics/callbacks#jwt-callback) and a [session callback](https://authjs.dev/guides/basics/callbacks#session-callback), we can persist OAuth tokens and refresh them when they expire.
+Depending on the session strategy, `refresh_token` can be persisted either in a database, or in a cookie, in an encrypted JWT.
+
+:::info
+Using a JWT to store the `refresh_token` is less secure than saving it in a database, and you need to evaluate based on your requirements which strategy you choose.
+:::
+
+#### JWT strategy
+
+Using the [jwt](../../reference/core/types#jwt) and [session](../../reference/core/types#session) callbacks, we can persist OAuth tokens and refresh them when they expire.
 
 Below is a sample implementation using Google's Identity Provider. Please note that the OAuth 2.0 request in the `refreshAccessToken()` function will vary between different providers, but the core logic should remain similar.
 
-```js title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
+```ts
+import { Auth } from "@auth/core"
+import { type TokenSet } from "@auth/core/types"
+import Google from "@auth/core/providers/google"
 
-const GOOGLE_AUTHORIZATION_URL =
-  "https://accounts.google.com/o/oauth2/v2/auth?" +
-  new URLSearchParams({
-    prompt: "consent",
-    access_type: "offline",
-    response_type: "code",
-  })
-
-/**
- * Takes a token, and returns a new token with updated
- * `accessToken` and `accessTokenExpires`. If an error occurs,
- * returns the old token and an error property
- */
-async function refreshAccessToken(token) {
-  try {
-    const url =
-      "https://oauth2.googleapis.com/token?" +
-      new URLSearchParams({
-        client_id: process.env.GOOGLE_CLIENT_ID,
-        client_secret: process.env.GOOGLE_CLIENT_SECRET,
-        grant_type: "refresh_token",
-        refresh_token: token.refreshToken,
-      })
-
-    const response = await fetch(url, {
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      method: "POST",
-    })
-
-    const refreshedTokens = await response.json()
-
-    if (!response.ok) {
-      throw refreshedTokens
-    }
-
-    return {
-      ...token,
-      accessToken: refreshedTokens.access_token,
-      accessTokenExpires: Date.now() + refreshedTokens.expires_at * 1000,
-      refreshToken: refreshedTokens.refresh_token ?? token.refreshToken, // Fall back to old refresh token
-    }
-  } catch (error) {
-    console.log(error)
-
-    return {
-      ...token,
-      error: "RefreshAccessTokenError",
-    }
-  }
-}
-
-export default NextAuth({
+export default Auth(new Request("https://example.com"), {
   providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_CLIENT_ID,
-      clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-      authorization: GOOGLE_AUTHORIZATION_URL,
+    Google({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+      authorization: { params: { access_type: "offline", prompt: "consent" } },
     }),
   ],
   callbacks: {
-    async jwt({ token, user, account }) {
-      // Initial sign in
-      if (account && user) {
+    async jwt({ token, account }) {
+      if (account) {
+        // Save the access token and refresh token in the JWT on the initial login
         return {
-          accessToken: account.access_token,
-          accessTokenExpires: Date.now() + account.expires_at * 1000,
-          refreshToken: account.refresh_token,
-          user,
+          access_token: account.access_token,
+          expires_at: Math.floor(Date.now() / 1000 + account.expires_in),
+          refresh_token: account.refresh_token,
+        }
+      } else if (Date.now() < token.expires_at * 1000) {
+        // If the access token has not expired yet, return it
+        return token
+      } else {
+        // If the access token has expired, try to refresh it
+        try {
+          // https://accounts.google.com/.well-known/openid-configuration
+          // We need the `token_endpoint`.
+          const response = await fetch("https://oauth2.googleapis.com/token", {
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+              client_id: process.env.GOOGLE_ID,
+              client_secret: process.env.GOOGLE_SECRET,
+              grant_type: "refresh_token",
+              refresh_token: token.refresh_token,
+            }),
+            method: "POST",
+          })
+
+          const tokens: TokenSet = await response.json()
+
+          if (!response.ok) throw tokens
+
+          return {
+            ...token, // Keep the previous token properties
+            access_token: tokens.access_token,
+            expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
+            // Fall back to old refresh token, but note that
+            // many providers may only allow using a refresh token once.
+            refresh_token: tokens.refresh_token ?? token.refresh_token,
+          }
+        } catch (error) {
+          console.error("Error refreshing access token", error)
+          // The error property will be used client-side to handle the refresh token error
+          return { ...token, error: "RefreshAccessTokenError" as const }
         }
       }
-
-      // Return previous token if the access token has not expired yet
-      if (Date.now() < token.accessTokenExpires) {
-        return token
-      }
-
-      // Access token has expired, try to update it
-      return refreshAccessToken(token)
     },
     async session({ session, token }) {
-      session.user = token.user
-      session.accessToken = token.accessToken
       session.error = token.error
-
       return session
     },
   },
 })
+
+declare module "@auth/core/types" {
+  interface Session {
+    error?: "RefreshAccessTokenError"
+  }
+}
+
+declare module "@auth/core/jwt" {
+  interface JWT {
+    access_token: string
+    expires_at: number
+    refresh_token: string
+    error?: "RefreshAccessTokenError"
+  }
+}
+```
+
+#### Database strategy
+
+Using the database strategy is very similar, but instead of preserving the `access_token` and `refresh_token`, we save it, well, in the database.
+
+```ts
+import { Auth } from "@auth/core"
+import { type TokenSet } from "@auth/core/types"
+import Google from "@auth/core/providers/google"
+import { PrismaAdapter } from "@next-auth/prisma-adapter"
+import { PrismaClient } from "@prisma/client"
+
+const prisma = new PrismaClient()
+
+export default Auth(new Request("https://example.com"), {
+  adapter: PrismaAdapter(prisma),
+  providers: [
+    Google({
+      clientId: process.env.GOOGLE_ID,
+      clientSecret: process.env.GOOGLE_SECRET,
+      authorization: { params: { access_type: "offline", prompt: "consent" } },
+    }),
+  ],
+  callbacks: {
+    async session({ session, user }) {
+      const [google] = await prisma.account.findMany({
+        where: { userId: user.id, provider: "google" },
+      })
+      if (google.expires_at * 1000 < Date.now()) {
+        // If the access token has expired, try to refresh it
+        try {
+          // https://accounts.google.com/.well-known/openid-configuration
+          // We need the `token_endpoint`.
+          const response = await fetch("https://oauth2.googleapis.com/token", {
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: new URLSearchParams({
+              client_id: process.env.GOOGLE_ID,
+              client_secret: process.env.GOOGLE_SECRET,
+              grant_type: "refresh_token",
+              refresh_token: google.refresh_token,
+            }),
+            method: "POST",
+          })
+
+          const tokens: TokenSet = await response.json()
+
+          if (!response.ok) throw tokens
+
+          await prisma.account.update({
+            data: {
+              access_token: tokens.access_token,
+              expires_at: Math.floor(Date.now() / 1000 + tokens.expires_in),
+              refresh_token: tokens.refresh_token ?? google.refresh_token,
+            },
+            where: {
+              provider_providerAccountId: {
+                provider: "google",
+                providerAccountId: google.providerAccountId,
+              },
+            },
+          })
+        } catch (error) {
+          console.error("Error refreshing access token", error)
+          // The error property will be used client-side to handle the refresh token error
+          session.error = "RefreshAccessTokenError"
+        }
+      }
+      return session
+    },
+  },
+})
+
+declare module "@auth/core/types" {
+  interface Session {
+    error?: "RefreshAccessTokenError"
+  }
+}
+
+declare module "@auth/core/jwt" {
+  interface JWT {
+    access_token: string
+    expires_at: number
+    refresh_token: string
+    error?: "RefreshAccessTokenError"
+  }
+}
 ```
 
 ### Client Side
 
-The `RefreshAccessTokenError` error that is caught in the `refreshAccessToken()` method is passed all the way to the client. This means that you can direct the user to the sign in flow if we cannot refresh their token.
+The `RefreshAccessTokenError` error that is caught in the `refreshAccessToken()` method is passed to the client. This means that you can direct the user to the sign-in flow if we cannot refresh their token.
 
 We can handle this functionality as a side effect:
 
@@ -134,3 +218,8 @@ const HomePage() {
 return (...)
 }
 ```
+
+## Source Code
+
+A working example can be accessed [here](https://github.com/nextauthjs/next-auth-refresh-token-example).
+

docs/docs/guides/03-basics/role-based-access-control.md

@@ -0,0 +1,153 @@
+---
+title: Role-based access control
+---
+
+There are two ways to add role-based access control (RBAC) to your application, based on the [session strategy](/concepts/session-strategies) you choose. Let's see an example for each of these.
+
+## Getting the role
+
+We are going to start by adding a `profile()` callback to the providers' config to determine the user role:
+
+```ts title="/pages/api/auth/[...nextauth].ts"
+import NextAuth from "next-auth"
+import Google from "next-auth/providers/google"
+
+export default NextAuth({
+  providers: [
+    Google({
+      profile(profile) {
+        return { role: profile.role ?? "user", ... }
+      },
+      ...
+    })  
+  ],
+})
+```
+
+:::tip
+To determine the user's role, you can either add your logic or if your provider assigns roles already, use that instead.
+:::
+
+## Persisting the role
+### With JWT
+
+When you don't have a database configured, the role will be persisted in a cookie, by using the `jwt()` callback. On sign-in, the `role` property is exposed from the `profile` callback on the `user` object. Persist the `user.role` value by assigning it to `token.role`. That's it!
+
+If you also want to use the role on the client, you can expose it via the `session` callback.
+
+```ts title="/pages/api/auth/[...nextauth].ts"
+import NextAuth from "next-auth"
+import Google from "next-auth/providers/google"
+
+export default NextAuth({
+  providers: [
+    Google({
+      profile(profile) {
+        return { role: profile.role ?? "user", ... }
+      },
+      ...
+    })  
+  ],
+  // highlight-start
+  callbacks: {
+    jwt({ token, user }) {
+      if(user) token.role = user.role
+      return token
+    },
+    session({ session, token }) {
+      session.user.role = token.role
+      return session
+    }
+  }
+  // highlight-end
+})
+```
+
+:::info
+With this strategy, if you want to update the role, the user needs to be forced to sign in again.
+:::
+
+### With Database
+
+When you have a database, you can save the user role on the [User model](/reference/adapters/models#user). The below example is showing you how to do this with Prisma, but the idea is the same for all adapters.
+
+First, add a `role` column to the User model.
+
+```ts title="/prisma/schema.prisma"
+model User {
+  id            String    @id @default(cuid())
+  name          String?
+  email         String?   @unique
+  emailVerified DateTime?
+  image         String?
+  role          String?  // New column
+  accounts      Account[]
+  sessions      Session[]
+}
+```
+
+The `profile()` callback's return value is used to create users in the database. That's it! Your newly created users will now have an assigned role.
+
+If you also want to use the role on the client, you can expose it via the `session` callback.
+
+```ts title="/pages/api/auth/[...nextauth].ts"
+import NextAuth from "next-auth"
+import Google from "next-auth/providers/google"
+  // highlight-next-line
+import prisma from "lib/prisma"
+
+export default NextAuth({
+  // highlight-next-line
+  adapter: PrismaAdapter(prisma),
+  providers: [
+    Google({
+      profile(profile) {
+        return { role: profile.role ?? "user", ... }
+      }
+      ...
+    })  
+  ],
+  // highlight-start
+  callbacks: {
+    session({ session, user }) {
+      session.user.role = user.role
+      return session
+    }
+  }
+  // highlight-end
+})
+```
+
+:::info
+It is up to you how you want to manage to update the roles, either through direct database access or building your role update API.
+:::
+
+## Using the role
+
+If you want to use the role in the client, for both cases above, when using the `useSession` hook, `session.user.role` will have the required role if you exposed it via the `session` callback. You can use this to render a different UI for different users.
+
+```ts title="/pages/admin.tsx"
+import { useSession } from "next-auth/react"
+
+export default function Page() {
+  const session = await useSession()
+
+  if (session?.user.role === "admin") {
+    return <p>You are an admin, welcome!</p>
+  }
+
+  return <p>You are not authorized to view this page!</p>
+}
+```
+
+:::tip
+When using Next.js and JWT, you can alternatively also use [Middleware](https://next-auth.js.org/configuration/nextjs#wrap-middleware) to redirect the user based on their role, even before rendering the page.
+:::
+
+## Resources
+
+- [Concepts: Session strategies](/concepts/session-strategies)
+- [Next.js: Middleware](https://next-auth.js.org/configuration/nextjs#wrap-middleware)
+- [Adapters: User model](/reference/adapters/models#user)
+- [Adapters: Prisma adapter](/reference/adapters/prisma)
+- [TypeScript](/getting-started/typescript)

docs/docs/guides/03-basics/role-based-login-strategy.md

@@ -1,64 +0,0 @@
----
-title: Role based logins
----
-
-To add role based authentication to your application, you must do three things.
-
-1. Update your database schema
-2. Add the `role` to the session object
-3. Check for `role` in your pages/components
-
-First modify the `user` table and add a `role` column with the type of `String?`.
-
-Below is an example Prisma schema file.
-
-```javascript title="/prisma/schema.prisma"
-model User {
-  id            String    @id @default(cuid())
-  name          String?
-  email         String?   @unique
-  emailVerified DateTime?
-  image         String?
-  role          String?  // New Column
-  accounts      Account[]
-  sessions      Session[]
-}
-
-```
-
-Next, implement a custom session callback in the `[...nextauth].js` file, as shown below.
-
-```javascript title="/pages/api/auth/[...nextauth].js"
-callbacks: {
-  async session({ session, token, user }) {
-    session.user.role = user.role; // Add role value to user object so it is passed along with session
-    return session;
-},
-```
-
-Going forward, when using the `getSession` hook, check that `session.user.role` matches the required role. The example below assumes the role `'admin'` is required.
-
-```javascript title="/pages/admin.js"
-import { getSession } from "next-auth/react"
-
-export default function Page() {
-  const session = await getSession({ req })
-
-  if (session && session.user.role === "admin") {
-    return (
-      <div>
-        <h1>Admin</h1>
-        <p>Welcome to the Admin Portal!</p>
-      </div>
-    )
-  } else {
-    return (
-      <div>
-        <h1>You are not authorized to view this page!</h1>
-      </div>
-    )
-  }
-}
-```
-
-Then it is up to you how you manage your roles, either through direct database access or building your own role update API.

docs/docs/guides/07-corporate-proxies/corporate-proxy.md

@@ -2,7 +2,7 @@
 title: Corporate proxy
 ---
 
-Using Auth.js behind a corporate proxy is not supported out of the box. This is due to the fact that the underlying library we use, [`openid-client`](https://npm.im/openid-client) which uses the built-in Node.js `http` / `https` libraries, and those do not support proxys by default:
+Using Auth.js behind a corporate proxy is not supported out of the box. This is due to the fact that the underlying library we use, [`openid-client`](https://npm.im/openid-client) which uses the built-in Node.js `http` / `https` libraries, and those do not support proxies by default:
 
 - [`http` docs](https://nodejs.org/dist/latest-v18.x/docs/api/http.html)
 - [`https` docs](https://nodejs.org/dist/latest-v18.x/docs/api/https.html)

docs/docs/guides/08-other/ldap-auth.md

@@ -26,7 +26,7 @@ export default NextAuth({
         password: { label: "Password", type: "password" },
       },
       async authorize(credentials, req) {
-        // You might want to pull this call out so we're not making a new LDAP client on every login attemp
+        // You might want to pull this call out so we're not making a new LDAP client on every login attempt
         const client = ldap.createClient({
           url: process.env.LDAP_URI,
         })

docs/docs/reference/04-providers/02-oauth-builtin.mdx

@@ -1,14 +1,14 @@
 ---
 title: Available OAuth providers
-sidebar_label: Oauth providers
+sidebar_label: OAuth providers
 ---
 
-Authentication Providers in **Auth.js** are services that can be used to sign in a user.
+Authentication Providers in **Auth.js** are services that can be used to sign a user in.
 
 Auth.js comes with a set of built-in providers. You can find them [here](https://github.com/nextauthjs/next-auth/tree/main/packages/core/src/providers). Each built-in provider has its own documentation page:
 
 :::note
-Auth.js is designed to work with any OAuth service, it supports **OAuth 1.0**, **1.0A**, **2.0** and **OpenID Connect (OIDC)** and has built-in support for most popular sign-in services.
+Auth.js supports any **2.x** and **OpenID Connect (OIDC)** compliant providers and has built-in support for the most popular services.
 :::
 
 <ul>

docs/docs/reference/04-providers/04-email.md

@@ -16,4 +16,4 @@ sidebar_label: Email options
 See our guides on magic links authentication for further tips on how to customize this provider:
 
 - [Tutorial](/getting-started/email-tutorial)
-- [Guide deep-dive](guides/providers/email)
+- [Guide deep-dive](/guides/providers/email)

docs/docs/reference/04-solidstart/index.md

@@ -23,8 +23,8 @@ AUTH_SECRET=your_auth_secret
 in this example we are using github so make sure to set the following environment variables:
 
 ```
-GITHUB_ID=your_github_oatuh_id
-GITHUB_SECRET=your_github_oatuh_secret
+GITHUB_ID=your_github_oauth_id
+GITHUB_SECRET=your_github_oauth_secret
 ```
 
 ```ts

docs/docs/reference/04-solidstart/protected.md

@@ -11,7 +11,7 @@ When using SSR, I recommend creating a `Protected` component that will trigger s
 
 ```tsx
 // components/Protected.tsx
-import { type Session } from "@auth/core";
+import { type Session } from "@auth/core/types";
 import { getSession } from "@auth/solid-start";
 import { Component, Show } from "solid-js";
 import { useRouteData } from "solid-start";
@@ -60,7 +60,7 @@ import Protected from "~/components/Protected";
 export const { routeData, Page } = Protected((session) => {
   return (
     <main class="flex flex-col gap-2 items-center">
-      <h1>This is a proteced route</h1>
+      <h1>This is a protected route</h1>
     </main>
   );
 });
@@ -70,7 +70,7 @@ export default Page;
 
 ## When Using CSR
 
-When using CSR, the `Protected` component will not work as expected and will cause the screen to flash, so I had to come up with a tricky solution, we will use a Solid-Start middleare:
+When using CSR, the `Protected` component will not work as expected and will cause the screen to flash, so I had to come up with a tricky solution, we will use a Solid-Start middleware:
 
 ```tsx
 // entry-server.tsx
@@ -110,10 +110,10 @@ And now you can easily create a protected route:
 export default () => {
   return (
     <main class="flex flex-col gap-2 items-center">
-      <h1>This is a proteced route</h1>
+      <h1>This is a protected route</h1>
     </main>
   );
 };
 ```
 
-**Note: the CSR method should also work when using SSR, the SSR method shouldn't work when using CSR**
+**Note: the CSR method should also work when using SSR, the SSR method shouldn't work when using CSR**

docs/docs/reference/05-oauth-providers/battlenet.md

@@ -15,7 +15,7 @@ https://develop.battle.net/access/clients
 
 The **Battle.net Provider** comes with a set of default options:
 
-- [Battle.net Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/battlenet.js)
+- [Battle.net Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/battlenet.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/reference/05-oauth-providers/github.md

@@ -19,7 +19,7 @@ https://github.com/settings/apps
 
 The **GitHub Provider** comes with a set of default options:
 
-- [GitHub Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/github.js)
+- [GitHub Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/github.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/reference/05-oauth-providers/gitlab.md

@@ -15,7 +15,7 @@ https://gitlab.com/-/profile/applications
 
 The **Gitlab Provider** comes with a set of default options:
 
-- [Gitlab Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/gitlab.js)
+- [Gitlab Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/gitlab.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/reference/05-oauth-providers/kakao.md

@@ -15,7 +15,7 @@ https://developers.kakao.com/docs/latest/en/kakaologin/common
 
 The **Kakao Provider** comes with a set of default options:
 
-- [Kakao Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/kakao.js)
+- [Kakao Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/kakao.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/reference/05-oauth-providers/mattermost.md

@@ -0,0 +1,36 @@
+---
+id: mattermost
+title: Mattermost
+---
+
+## Documentation
+
+https://developers.mattermost.com/integrate/apps/authentication/oauth2
+
+## Configuration
+
+http://my-cool-server.cloud.mattermost.com/mycoolteam/integrations/oauth2-apps
+
+## Options
+
+The **Mattermost provider** comes with a set of default options:
+
+- [Mattermost Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/providers/mattermost.ts)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```ts
+import Mattermost from "@auth/core/providers/mattermost";
+...
+providers: [
+  Mattermost({
+    // The base url of your Mattermost instance. e.g https://my-cool-server.cloud.mattermost.com
+    clientId: env.MATTERMOST_ID,
+    clientSecret: env.MATTERMOST_SECRET,
+    issuer: env.MATTERMOST_ISSUER,
+  })
+]
+...
+```

docs/docs/reference/05-oauth-providers/salesforce.md

@@ -11,7 +11,7 @@ https://help.salesforce.com/articleView?id=remoteaccess_authenticate.htm&type=5
 
 The **Salesforce Provider** comes with a set of default options:
 
-- [Salesforce Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/salesforce.js)
+- [Salesforce Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/salesforce.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/reference/05-oauth-providers/strava.md

@@ -11,7 +11,7 @@ http://developers.strava.com/docs/reference/
 
 The **Strava Provider** comes with a set of default options:
 
-- [Strava Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/strava.js)
+- [Strava Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/strava.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/reference/05-oauth-providers/trakt.md

@@ -33,7 +33,7 @@ providers: [
 ```
 
 :::warning
-Trakt does not allow hotlinking images. Even the authenticated user's profie picture.
+Trakt does not allow hotlinking images. Even the authenticated user's profile picture.
 :::
 
 :::warning

docs/docs/reference/05-oauth-providers/vk.md

@@ -15,7 +15,7 @@ https://vk.com/apps?act=manage
 
 The **VK Provider** comes with a set of default options:
 
-- [VK Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/vk.js)
+- [VK Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/vk.ts)
 
 You can override any of the options to suit your own use case.
 

docs/docs/reference/06-adapters/dgraph.md

@@ -91,7 +91,7 @@ type VerificationToken {
 ## Securing your database
 
 For production deployments you will want to restrict the access to the types used
-by next-auth. The main form of access control used in Dgraph is via `@auth` directive alongide types in the schema.
+by next-auth. The main form of access control used in Dgraph is via `@auth` directive alongside types in the schema.
 
 #### Secure schema
 

docs/docs/reference/06-adapters/firebase.md

@@ -1,75 +0,0 @@
----
-id: firebase
-title: Firebase
----
-
-:::warning
-This adapter is still experimental and does not work with Auth.js 4 or newer. If you would like to help out upgrading it, please visit [this PR](https://github.com/nextauthjs/next-auth/pull/3873)
-:::
-
-This is the Firebase Adapter for [`next-auth`](https://authjs.dev). This package can only be used in conjunction with the primary `next-auth` package. It is not a standalone package.
-
-## Getting Started
-
-1. Install the necessary packages
-
-```bash npm2yarn
-npm install next-auth @next-auth/firebase-adapter@experimental
-```
-
-2. Add this adapter to your `pages/api/auth/[...nextauth].js` next-auth configuration object.
-
-```javascript title="pages/api/auth/[...nextauth].js"
-import NextAuth from "next-auth"
-import GoogleProvider from "next-auth/providers/google"
-import { FirebaseAdapter } from "@next-auth/firebase-adapter"
-
-import firebase from "firebase/app"
-import "firebase/firestore"
-
-const firestore = (
-  firebase.apps[0] ?? firebase.initializeApp(/* your config */)
-).firestore()
-
-// For more information on each option (and a full list of options) go to
-// https://authjs.dev/reference/configuration/auth-options
-export default NextAuth({
-  // https://authjs.dev/reference/providers/
-  providers: [
-    GoogleProvider({
-      clientId: process.env.GOOGLE_ID,
-      clientSecret: process.env.GOOGLE_SECRET,
-    }),
-  ],
-  adapter: FirebaseAdapter(firestore),
-  ...
-})
-```
-
-## Options
-
-When initializing the firestore adapter, you must pass in the firebase config object with the details from your project. More details on how to obtain that config object can be found [here](https://support.google.com/firebase/answer/7015592).
-
-An example firebase config looks like this:
-
-```js
-const firebaseConfig = {
-  apiKey: "AIzaSyDOCAbC123dEf456GhI789jKl01-MnO",
-  authDomain: "myapp-project-123.firebaseapp.com",
-  databaseURL: "https://myapp-project-123.firebaseio.com",
-  projectId: "myapp-project-123",
-  storageBucket: "myapp-project-123.appspot.com",
-  messagingSenderId: "65211879809",
-  appId: "1:65211879909:web:3ae38ef1cdcb2e01fe5f0c",
-  measurementId: "G-8GSGZQ44ST",
-}
-```
-
-See [firebase.google.com/docs/web/setup](https://firebase.google.com/docs/web/setup) for more details.
-
-:::tip **From Firebase**
-
-**Caution**: We do not recommend manually modifying an app's Firebase config file or object. If you initialize an app with invalid or missing values for any of these required "Firebase options", then your end users may experience serious issues.
-
-For open source projects, we generally do not recommend including the app's Firebase config file or object in source control because, in most cases, your users should create their own Firebase projects and point their apps to their own Firebase resources (via their own Firebase config file or object).
-:::

docs/docs/reference/06-adapters/prisma.md

@@ -45,7 +45,7 @@ You need to use at least Prisma 2.26.0. Create a schema file in `prisma/schema.p
 datasource db {
   provider = "postgresql"
   url      = env("DATABASE_URL")
-  shadowDatabaseUrl = env("SHADOW_DATABASE_URL") // Only needed when using a cloud provider that doesn't support the creation of new databases, like Heroku. Learn more: https://pris.ly/migrate-shadow
+  shadowDatabaseUrl = env("SHADOW_DATABASE_URL") // Only needed when using a cloud provider that doesn't support the creation of new databases, like Heroku. Learn more: https://pris.ly/d/migrate-shadow
 }
 
 generator client {
@@ -139,9 +139,10 @@ Prisma supports MongoDB, and so does Auth.js. Following the instructions of the
 id  String  @id @default(auto()) @map("_id") @db.ObjectId
 ```
 
-2. The Native database type attribute to `@db.String` from `@db.Text`.
+2. The Native database type attribute to `@db.String` from `@db.Text` and userId to `@db.ObjectId`.
 
 ```prisma
+user_id            String   @db.ObjectId
 refresh_token      String?  @db.String
 access_token       String?  @db.String
 id_token           String?  @db.String

docs/docs/reference/06-adapters/xata.md

@@ -32,7 +32,6 @@ Now that we're ready, let's create a new Xata project using our next-auth schema
 
 ```json title="schema.json"
 {
-  "formatVersion": "",
   "tables": [
     {
       "name": "nextauth_users",

docs/docs/reference/09-warnings.md

@@ -3,57 +3,13 @@ id: warnings
 title: Warnings
 ---
 
-This is a list of warning output from Auth.js.
+A list of warnings from Auth.js that need your attention.
 
-All warnings indicate things which you should take a look at, but do not inhibit normal operation.
 
----
+## Debug enabled
 
-## Client
+The `debug` option was evaluated to `true`. It adds extra logs in the terminal which is useful in development, but since it can print sensitive information about users, make sure to set this to `false` in production. In Node.js environments, you can for example set `debug: process.env.NODE_ENV !== "production"`. Consult with your runtime/framework on how to set this value correctly.
 
-#### NEXTAUTH_URL
+## CSRF disabled
 
-Environment variable `NEXTAUTH_URL` missing. Please set it in your `.env` file.
-
-:::note
-On [Vercel](https://vercel.com) deployments, we will read the `VERCEL_URL` environment variable, so you won't need to define `NEXTAUTH_URL`.
-:::
-
----
-
-## Server
-
-These warnings are displayed on the terminal.
-
-#### NO_SECRET
-
-In development, we generate a `secret` based on your configuration for convenience. This is volatile and will throw an error in production. [Read more](https://authjs.dev/reference/configuration/auth-config/#secret)
-
-#### TWITTER_OAUTH_2_BETA
-
-Twitter OAuth 2.0 is currently in beta as certain changes might still be necessary. This is not covered by semver. See the docs https://authjs.dev/reference/providers/twitter#oauth-2
-
-#### EXPERIMENTAL_API
-
-Some APIs are still experimental; they may be changed or removed in the future. Use at your own risk.
-
-## Adapter
-
-### ADAPTER_TYPEORM_UPDATING_ENTITIES
-
-This warning occurs when typeorm finds that the provided entities differ from the database entities. By default while not in `production` the typeorm adapter will always synchronize changes made to the entities codefiles.
-
-Disable this warning by setting `synchronize: false` in your typeorm config
-
-Example:
-
-```js title="/pages/api/auth/[...nextauth].js"
-adapter: TypeORMLegacyAdapter({
-  type: 'mysql',
-  username: process.env.DATABASE_USERNAME,
-  password: process.env.DATABASE_PASSWORD,
-  host: process.env.DATABASE_HOST,
-  database: process.env.DATABASE_DB,
-  synchronize: false
-}),
-```
+You were trying to get a CSRF response from Auth.js (eg.: by calling a `/csrf` endpoint), but in this setup, CSRF protection via Auth.js was turned off. This is likely if you are not directly using `@auth/core` but a framework library (like `@auth/sveltekit`) that already has CSRF protection built-in. You likely won't need the CSRF response.

docs/docs/reference/index.md

@@ -1,25 +0,0 @@
----
-title: Overview
-sidebar_label: Overview
-sidebar_position: 0
----
-
-## Core
-
-## Providers
-
-- OAuth/OIDC
-- Email/Passwordless
-- Credentials
-
-## Database Adapters
-
-## Frameworks
-
-- Next.js
-- SvelteKit
-- SolidStart
-- Remix
-- Nuxt
-- Gatsby
-- etc.

docs/docusaurus.config.js

@@ -62,7 +62,7 @@ const docusaurusConfig = {
           position: "left",
         },
         {
-          to: "/reference/core/modules/main",
+          to: "/reference/core",
           // TODO: change to this when the overview page looks better.
           // to: "/reference",
           activeBasePath: "/reference",
@@ -101,7 +101,7 @@ const docusaurusConfig = {
     announcementBar: {
       id: "new-major-announcement",
       content:
-        "<a target='_blank' rel='noopener noreferrer' href='https://next-auth.js.org'>NextAuth.js</a> is becoming Auth.js! 🎉 We're creating Authentication for the Web. Everyone included. Starting with SvelteKit, check out <a href='/reference/sveltekit'>the docs</a>.",
+        "<a target='_blank' rel='noopener noreferrer' href='https://next-auth.js.org'>NextAuth.js</a> is becoming Auth.js! 🎉 We're creating Authentication for the Web. Everyone included. Starting with SvelteKit, check out <a href='/reference/sveltekit'>the docs</a>. Note, this site is under active development.",
       backgroundColor: "#000",
       textColor: "#fff",
     },
@@ -182,10 +182,7 @@ const docusaurusConfig = {
           lastVersion: "current",
           showLastUpdateAuthor: true,
           showLastUpdateTime: true,
-          remarkPlugins: [
-            require("@sapphire/docusaurus-plugin-npm2yarn2pnpm").npm2yarn2pnpm,
-            require("remark-github"),
-          ],
+          remarkPlugins: [require("@sapphire/docusaurus-plugin-npm2yarn2pnpm").npm2yarn2pnpm],
           versions: {
             current: {
               label: "experimental",
@@ -204,20 +201,14 @@ const docusaurusConfig = {
       {
         ...typedocConfig,
         id: "core",
-        plugin: ["./tyepdoc"],
-        entryPoints: [
-          "index.ts",
-          "adapters.ts",
-          "errors.ts",
-          "jwt.ts",
-          "types.ts",
-        ]
-          .map((e) => `${coreSrc}/${e}`)
-          .concat(providers),
-        tsconfig: "../packages/core/tsconfig.json",
-        out: "reference/03-core",
+        plugin: [require.resolve("./typedoc-mdn-links")],
         watch: process.env.TYPEDOC_WATCH,
-        includeExtension: false,
+        entryPoints: ["index.ts", "adapters.ts", "errors.ts", "jwt.ts", "types.ts"].map((e) => `${coreSrc}/${e}`).concat(providers),
+        tsconfig: "../packages/core/tsconfig.json",
+        out: "reference/core",
+        sidebar: {
+          indexLabel: "index",
+        },
       },
     ],
     [
@@ -225,14 +216,29 @@ const docusaurusConfig = {
       {
         ...typedocConfig,
         id: "sveltekit",
-        plugin: ["./tyepdoc"],
-        entryPoints: ["index.ts", "client.ts"].map(
-          (e) => `../packages/frameworks-sveltekit/src/lib/${e}`
-        ),
-        tsconfig: "../packages/frameworks-sveltekit/tsconfig.json",
-        out: "reference/04-sveltekit",
+        plugin: [require.resolve("./typedoc-mdn-links")],
         watch: process.env.TYPEDOC_WATCH,
-        includeExtension: false,
+        entryPoints: ["index.ts", "client.ts"].map((e) => `../packages/frameworks-sveltekit/src/lib/${e}`),
+        tsconfig: "../packages/frameworks-sveltekit/tsconfig.json",
+        out: "reference/sveltekit",
+        sidebar: {
+          indexLabel: "index",
+        },
+      },
+    ],
+    [
+      "docusaurus-plugin-typedoc",
+      {
+        ...typedocConfig,
+        id: "firebase-adapter",
+        plugin: [require.resolve("./typedoc-mdn-links")],
+        watch: process.env.TYPEDOC_WATCH,
+        entryPoints: ["../packages/adapter-firebase/src/index.ts"],
+        tsconfig: "../packages/adapter-firebase/tsconfig.json",
+        out: "reference/adapter/firebase",
+        sidebar: {
+          indexLabel: "Firebase",
+        },
       },
     ],
   ],

docs/package.json

@@ -3,7 +3,7 @@
   "repository": "https://github.com/nextauthjs/next-auth",
   "name": "docs",
   "scripts": {
-    "start": "TYPEDOC_WATCH=true docusaurus start --no-open --port 8000",
+    "start": "TYPEDOC_WATCH=true docusaurus start --no-open",
     "dev": "pnpm providers && pnpm snippets && pnpm start",
     "build": "pnpm providers && docusaurus build",
     "docusaurus": "docusaurus",
@@ -27,7 +27,6 @@
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "react-marquee-slider": "^1.1.5",
-    "remark-github": "10.1.0",
     "styled-components": "5.3.6"
   },
   "devDependencies": {
@@ -37,7 +36,9 @@
     "@docusaurus/preset-classic": "2.2.0",
     "@docusaurus/theme-common": "2.2.0",
     "@docusaurus/types": "2.2.0",
-    "docusaurus-plugin-typedoc": "^0.18.0"
+    "docusaurus-plugin-typedoc": "1.0.0-next.2",
+    "typedoc": "^0.23.24",
+    "typedoc-plugin-markdown": "4.0.0-next.2"
   },
   "browserslist": {
     "production": [

docs/scripts/generate-snippets.mjs

@@ -18,7 +18,7 @@ for (const file of files) {
   body.push(" */")
   const name = file.replace(/\.md$/, "")
   result[name] = {
-    description: `Snippet genereated from ${file} by pnpm \`generate-snippet\``,
+    description: `Snippet generated from ${file} by pnpm \`generate-snippet\``,
     scope: "typescript",
     prefix: name,
     body,

docs/sidebars.js

@@ -14,61 +14,28 @@ module.exports = {
     },
   ],
   referenceSidebar: [
-    "reference/index",
     {
       type: "category",
       label: "@auth/core",
-      link: {
-        type: "doc",
-        id: "reference/core/modules/main",
-      },
-      items: [
-        {
-          type: "autogenerated",
-          dirName: "reference/03-core/modules",
-          // See: https://github.com/facebook/docusaurus/issues/5689
-          // exclude: ["index"],
-        },
-        {
-          type: "category",
-          label: "Reflections",
-          collapsed: true,
-          className: "reflection-category", // See src/index.css
-          items: [{ type: "autogenerated", dirName: "reference/03-core" }],
-        },
-      ],
+      link: { type: "doc", id: "reference/core/index" },
+      items: [{ type: "autogenerated", dirName: "reference/core" }],
     },
     {
       type: "category",
       label: "@auth/sveltekit",
-      link: { type: "doc", id: "reference/sveltekit/modules/main" },
-      items: [
-        { type: "autogenerated", dirName: "reference/04-sveltekit/modules" },
-        {
-          type: "category",
-          label: "Reflections",
-          collapsed: true,
-          className: "reflection-category", // See src/index.css
-          items: [{ type: "autogenerated", dirName: "reference/04-sveltekit" }],
-        },
-      ],
+      link: { type: "doc", id: "reference/sveltekit/index" },
+      items: [{ type: "autogenerated", dirName: "reference/sveltekit" }],
     },
     {
       type: "category",
       label: "@auth/solid-start",
-      link: {
-        type: "doc",
-        id: "reference/solidstart/index",
-      },
-      items: ["reference/solidstart/client", "reference/solidstart/protected"],
+      link: { type: "doc", id: "reference/solidstart/index" },
+      items: [{ type: "autogenerated", dirName: "reference/04-solidstart" }],
     },
     {
       type: "category",
       label: "@auth/nextjs",
-      link: {
-        type: "doc",
-        id: "reference/nextjs/index",
-      },
+      link: { type: "doc", id: "reference/nextjs/index" },
       items: [
         "reference/nextjs/client",
         {
@@ -83,24 +50,8 @@ module.exports = {
       label: "Database Adapters",
       link: { type: "doc", id: "reference/adapters/overview" },
       items: [
-        {
-          type: "autogenerated",
-          dirName: "reference/06-adapters",
-          // See: https://github.com/facebook/docusaurus/issues/5689
-          // exclude: ["index"],
-        },
-      ],
-    },
-    {
-      type: "category",
-      label: "OAuth Providers",
-      items: [
-        {
-          type: "autogenerated",
-          dirName: "reference/05-oauth-providers",
-          // See: https://github.com/facebook/docusaurus/issues/5689
-          // exclude: ["index"],
-        },
+        { type: "doc", id: "reference/adapter/firebase/index" },
+        { type: "autogenerated", dirName: "reference/06-adapters" },
       ],
     },
     "reference/utilities/client",

docs/snippets/oauth-docs.md

@@ -2,14 +2,12 @@ Add $1 login to your page.
 
 ## Example
 
-@example
-
-```js
-import Auth from "@auth/core"
-import { $1 } from "@auth/core/providers/$2"
+```ts
+import { Auth } from "@auth/core"
+import $1 from "@auth/core/providers/$2"
 
 const request = new Request("https://example.com")
-const resposne = await AuthHandler(request, {
+const response = await AuthHandler(request, {
   providers: [$1({ clientId: "", clientSecret: "" })],
 })
 ```
@@ -18,7 +16,7 @@ const resposne = await AuthHandler(request, {
 
 ## Resources
 
-@see [Link 1](https://example.com)
+- [Link 1](https://example.com)
 
 ---
 

docs/snippets/oauth-provider.md

@@ -9,7 +9,7 @@ import Auth from "@auth/core"
 import { $1 } from "@auth/core/providers/$2"
 
 const request = new Request("https://example.com")
-const resposne = await AuthHandler(request, {
+const response = await AuthHandler(request, {
   providers: [$1({ clientId: "", clientSecret: "" })],
 })
 ```

docs/src/components/ProviderMarquee.js

@@ -4,17 +4,16 @@ import Marquee, { Motion, randomIntFromInterval } from "react-marquee-slider"
 import styles from "./ProviderMarqueeStyle.module.css"
 
 const icons = [
-  "/img/providers/apple-black.svg",
+  "/img/providers/apple.svg",
   "/img/providers/auth0.svg",
-  "/img/providers/aws-cognito.svg",
-  "/img/providers/battle.net.svg",
+  "/img/providers/cognito.svg",
+  "/img/providers/battlenet.svg",
   "/img/providers/box.svg",
-  "/img/providers/facebook-2.svg",
-  "/img/providers/github-1.svg",
+  "/img/providers/facebook.svg",
+  "/img/providers/github.svg",
   "/img/providers/gitlab.svg",
-  "/img/providers/google-icon.svg",
-  "/img/providers/okta-3.svg",
-  "/img/providers/openid.svg",
+  "/img/providers/google.svg",
+  "/img/providers/okta.svg",
   "/img/providers/slack.svg",
   "/img/providers/spotify.svg",
   "/img/providers/twitter.svg",

docs/src/css/index.css

@@ -272,27 +272,4 @@ html[data-theme="dark"] #carbonads > span {
 html[data-theme="dark"] #carbonads .carbon-poweredby {
   color: #aaa;
   background: #1e2021;
-}
-
-/* 
-  This is a hack to hide the "Reflection" category and "main" module from the sidebar.
-  This is because:
-  1. opening any page under the "Reflection" category would hide the entire sidebar.
-  2. the "main" module would show up twice.
-  See sidebars.js
-*/
-.reflection-category,
-.theme-doc-sidebar-item-link-level-2 [href="/reference/core/modules/main"],
-.theme-doc-sidebar-item-link-level-2
-  [href="/reference/sveltekit/modules/main"] {
-  display: none;
-}
-
-/*
- HACK: to hide the "Classes" header and duplicate items together with the "typedoc-plugin-markdown" patch.
- See: https://github.com/TypeStrong/typedoc/issues/2006
-*/
-/* h3.anchor + p:has(code, strong), */ /** hack did not work as it hides property types elsewhere */
-#classes {
-  display: none;
-}
+}

docs/static/img/providers/apple-black.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="2036" height="2500" viewBox="0 0 456.008 560.035" fill="#3c5a9a"><path d="M380.844 297.529c.787 84.752 74.349 112.955 75.164 113.314-.622 1.988-11.754 40.191-38.756 79.652-23.343 34.117-47.568 68.107-85.731 68.811-37.499.691-49.557-22.236-92.429-22.236-42.859 0-56.256 21.533-91.753 22.928-36.837 1.395-64.889-36.891-88.424-70.883-48.093-69.53-84.846-196.475-35.496-282.165 24.516-42.554 68.328-69.501 115.882-70.192 36.173-.69 70.315 24.336 92.429 24.336 22.1 0 63.59-30.096 107.208-25.676 18.26.76 69.517 7.376 102.429 55.552-2.652 1.644-61.159 35.704-60.523 106.559M310.369 89.418C329.926 65.745 343.089 32.79 339.498 0 311.308 1.133 277.22 18.785 257 42.445c-18.121 20.952-33.991 54.487-29.709 86.628 31.421 2.431 63.52-15.967 83.078-39.655"/></svg>

docs/static/img/providers/asgardeo-dark.svg

@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 99.881 86.449">
+  <g id="asgardeo-trifactor-logo-dark-16x40" transform="translate(-553.024 -388.98)">
+    <path id="Path_264" data-name="Path 264" d="M743.533,388.98l9.161,15.892-10.153,17.6h20.306l9.209,15.892H714.97Z" transform="translate(-119.151 0)" fill="#ff7300"/>
+    <path id="Path_265" data-name="Path 265" d="M705.95,438.364l9.209-15.892h20.306l-10.153-17.6,9.162-15.892,28.6,49.393Z" transform="translate(-152.926 0.009)" fill="#ff7300"/>
+    <path id="Path_266" data-name="Path 266" d="M749.175,446.183l-10.153-17.6-10.2,17.6H710.46l28.6-49.393,28.515,49.393Z" transform="translate(-136.043 29.246)"/>
+  </g>
+</svg>

docs/static/img/providers/asgardeo.svg

@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 99.881 86.449">
+  <g id="asgardeo-trifactor-logo-light-16x40" transform="translate(-553.024 -388.98)">
+    <path id="Path_264" data-name="Path 264" d="M743.533,388.98l9.161,15.892-10.153,17.6h20.306l9.209,15.892H714.97Z" transform="translate(-119.151)" fill="#ff7300"/>
+    <path id="Path_265" data-name="Path 265" d="M705.95,438.364l9.209-15.892h20.306l-10.153-17.6,9.162-15.892,28.6,49.393Z" transform="translate(-152.926 0.009)" fill="#ff7300"/>
+    <path id="Path_266" data-name="Path 266" d="M749.175,446.183l-10.153-17.6-10.2,17.6H710.46l28.6-49.393,28.515,49.393Z" transform="translate(-136.043 29.246)" fill="#fff"/>
+  </g>
+</svg>

docs/static/img/providers/auth0.svg

@@ -1 +1,3 @@
-<svg width="2230" height="2500" viewBox="0 0 256 287" xmlns="http://www.w3.org/2000/svg"><path d="M203.24 231.531l-28.73-88.434 75.208-54.64h-92.966L128.019.025l-.009-.024h92.98l28.74 88.446.002-.002.024-.013c16.69 51.31-.5 109.67-46.516 143.098zm-150.45 0l-.023.017 75.228 54.655 75.245-54.67-75.221-54.656-75.228 54.654zM6.295 88.434c-17.57 54.088 2.825 111.4 46.481 143.108l.007-.028 28.735-88.429-75.192-54.63h92.944L128.004.024 128.01 0H35.025L6.294 88.434z" fill="#EB5424"/></svg>
+<svg width="32" height="32" viewBox="0 0 256 287" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMinYMin meet">
+  <path d="M203.24 231.531l-28.73-88.434 75.208-54.64h-92.966L128.019.025l-.009-.024h92.98l28.74 88.446.002-.002.024-.013c16.69 51.31-.5 109.67-46.516 143.098zm-150.45 0l-.023.017 75.228 54.655 75.245-54.67-75.221-54.656-75.228 54.654zM6.295 88.434c-17.57 54.088 2.825 111.4 46.481 143.108l.007-.028 28.735-88.429-75.192-54.63h92.944L128.004.024 128.01 0H35.025L6.294 88.434z" fill="#EB5424"/>
+</svg>

docs/static/img/providers/aws-cognito.svg

@@ -1 +0,0 @@
-<svg width="2140" height="2500" viewBox="0 0 256 299" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid"><path d="M208.752 58.061l25.771-6.636.192.283.651 155.607-.843.846-5.31.227-20.159-3.138-.302-.794V58.061M59.705 218.971l.095.007 68.027 19.767.173.133.296.236-.096 59.232-.2.252-68.295-33.178v-46.449" fill="#7A3E65"/><path d="M208.752 204.456l-80.64 19.312-40.488-9.773-27.919 4.976L128 238.878l105.405-28.537 1.118-2.18-25.771-3.705" fill="#CFB2C1"/><path d="M196.295 79.626l-.657-.749-66.904-19.44-.734.283-.672-.343L22.052 89.734l-.575.703.845.463 24.075 3.53.851-.289 80.64-19.311 40.488 9.773 27.919-4.977" fill="#512843"/><path d="M47.248 240.537l-25.771 6.221-.045-.149-1.015-155.026 1.06-1.146 25.771 3.704v146.396" fill="#C17B9E"/><path d="M82.04 180.403l45.96 5.391.345-.515.187-71.887-.532-.589-45.96 5.392v62.208" fill="#7A3E65"/><path d="M173.96 180.403L128 185.794v-72.991l45.96 5.392v62.208M196.295 79.626L128 59.72V0l68.295 33.177v46.449" fill="#C17B9E"/><path d="M128 0L0 61.793v175.011l21.477 9.954V90.437L128 59.72V0" fill="#7A3E65"/><path d="M234.523 51.425v156.736L128 238.878v59.72l128-61.794V61.793l-21.477-10.368" fill="#C17B9E"/></svg>

docs/static/img/providers/battle.net.svg

@@ -1 +0,0 @@
-<svg fill="#000000" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50" width="50px" height="50px"><path d="M 43.113281 22.152344 C 43.113281 22.152344 47.058594 22.351563 47.058594 20.03125 C 47.058594 16.996094 41.804688 14.261719 41.804688 14.261719 C 41.804688 14.261719 42.628906 12.515625 43.140625 11.539063 C 43.65625 10.5625 45.101563 6.753906 45.230469 5.886719 C 45.394531 4.792969 45.144531 4.449219 45.144531 4.449219 C 44.789063 6.792969 40.972656 13.539063 40.671875 13.769531 C 36.949219 12.023438 31.835938 11.539063 31.835938 11.539063 C 31.835938 11.539063 26.832031 1 22.125 1 C 17.457031 1 17.480469 10.023438 17.480469 10.023438 C 17.480469 10.023438 16.160156 7.464844 14.507813 7.464844 C 12.085938 7.464844 11.292969 11.128906 11.292969 15.097656 C 6.511719 15.097656 2.492188 16.164063 2.132813 16.265625 C 1.773438 16.371094 0.644531 17.191406 1.15625 17.089844 C 2.203125 16.753906 7.113281 15.992188 11.410156 16.367188 C 11.648438 20.140625 13.851563 25.054688 13.851563 25.054688 C 13.851563 25.054688 9.128906 31.894531 9.128906 36.78125 C 9.128906 38.066406 9.6875 40.417969 13.078125 40.417969 C 15.917969 40.417969 19.105469 38.710938 19.707031 38.363281 C 19.183594 39.113281 18.796875 40.535156 18.796875 41.191406 C 18.796875 41.726563 19.113281 43.246094 21.304688 43.246094 C 24.117188 43.246094 27.257813 41.089844 27.257813 41.089844 C 27.257813 41.089844 30.222656 46.019531 32.761719 48.28125 C 33.445313 48.890625 34.097656 49 34.097656 49 C 34.097656 49 31.578125 46.574219 28.257813 40.324219 C 31.34375 38.417969 34.554688 33.921875 34.554688 33.921875 C 34.554688 33.921875 34.933594 33.933594 37.863281 33.933594 C 42.453125 33.933594 48.972656 32.96875 48.972656 29.320313 C 48.972656 25.554688 43.113281 22.152344 43.113281 22.152344 Z M 43.625 19.886719 C 43.625 21.21875 42.359375 21.199219 42.359375 21.199219 L 41.394531 21.265625 C 41.394531 21.265625 39.566406 20.304688 38.460938 19.855469 C 38.460938 19.855469 40.175781 17.207031 40.578125 16.46875 C 40.882813 16.644531 43.625 18.363281 43.625 19.886719 Z M 24.421875 6.308594 C 26.578125 6.308594 29.65625 11.402344 29.65625 11.402344 C 29.65625 11.402344 24.851563 10.972656 20.898438 13.296875 C 21.003906 9.628906 22.238281 6.308594 24.421875 6.308594 Z M 15.871094 10.4375 C 16.558594 10.4375 17.230469 11.269531 17.507813 11.976563 C 17.507813 12.445313 17.75 15.171875 17.75 15.171875 L 13.789063 15.023438 C 13.789063 11.449219 15.1875 10.4375 15.871094 10.4375 Z M 15.464844 35.246094 C 13.300781 35.246094 12.851563 34.039063 12.851563 32.953125 C 12.851563 30.496094 14.8125 27.058594 14.8125 27.058594 C 14.8125 27.058594 17.011719 31.683594 20.851563 33.636719 C 18.945313 34.753906 17.375 35.246094 15.464844 35.246094 Z M 22.492188 40.089844 C 20.972656 40.089844 20.789063 39.105469 20.789063 38.878906 C 20.789063 38.171875 21.339844 37.335938 21.339844 37.335938 C 21.339844 37.335938 23.890625 35.613281 24.054688 35.429688 L 25.9375 38.945313 C 25.9375 38.945313 24.007813 40.089844 22.492188 40.089844 Z M 27.226563 38.171875 C 26.300781 36.554688 25.621094 34.867188 25.621094 34.867188 C 25.621094 34.867188 29.414063 35.113281 31.453125 33.007813 C 30.183594 33.578125 28.15625 34.300781 25.800781 34.082031 C 30.726563 29.742188 33.601563 26.597656 36.03125 23.34375 C 35.824219 23.09375 34.710938 22.316406 34.4375 22.1875 C 32.972656 23.953125 27.265625 30.054688 21.984375 33.074219 C 15.292969 29.425781 13.890625 18.691406 13.746094 16.460938 L 17.402344 16.8125 C 17.402344 16.8125 16.027344 19.246094 16.027344 21.039063 C 16.027344 22.828125 16.242188 22.925781 16.242188 22.925781 C 16.242188 22.925781 16.195313 19.800781 18.125 17.390625 C 19.59375 25.210938 21.125 29.21875 22.320313 31.605469 C 22.925781 31.355469 24.058594 30.851563 24.058594 30.851563 C 24.058594 30.851563 20.683594 21.121094 20.871094 14.535156 C 22.402344 13.71875 24.667969 12.875 27.226563 12.875 C 33.957031 12.875 39.367188 15.773438 39.367188 15.773438 L 37.25 18.730469 C 37.25 18.730469 35.363281 15.3125 32.699219 14.703125 C 34.105469 15.753906 35.679688 17.136719 36.496094 19.128906 C 30.917969 16.949219 24.1875 15.796875 22.027344 15.542969 C 21.839844 16.339844 21.863281 17.480469 21.863281 17.480469 C 21.863281 17.480469 30.890625 19.144531 37.460938 22.90625 C 37.414063 31.125 28.460938 37.4375 27.226563 38.171875 Z M 35.777344 32.027344 C 35.777344 32.027344 38.578125 28.347656 38.535156 23.476563 C 38.535156 23.476563 43.0625 26.28125 43.0625 29.015625 C 43.0625 32.074219 35.777344 32.027344 35.777344 32.027344 Z"/></svg>

docs/static/img/providers/beyondidentity-dark.svg

@@ -0,0 +1,4 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg" role="img">
+  <!-- <path d="M15.968 0 7.684 16.57 3.763 8.726H.949L7.684 21.47 18.783 0h-2.815ZM6.767 27.162v2.878h2.498v-7.747l-2.498 4.869Z" fill="#5077C5"/> -->
+  <path d="M 22.102,0 13.818,16.57 9.897,8.726 H 7.083 L 13.818,21.47 24.917,0 Z m -9.201,27.162 v 2.878 h 2.498 v -7.747 z" fill="#5077c5"/>
+</svg>

docs/static/img/providers/beyondidentity.svg

@@ -0,0 +1,4 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg" role="img">
+  <!-- <path d="M15.968 0 7.684 16.57 3.763 8.726H.949L7.684 21.47 18.783 0h-2.815ZM6.767 27.162v2.878h2.498v-7.747l-2.498 4.869Z" fill="#5077C5"/> -->
+  <path d="M 22.102,0 13.818,16.57 9.897,8.726 H 7.083 L 13.818,21.47 24.917,0 Z m -9.201,27.162 v 2.878 h 2.498 v -7.747 z" fill="#5077c5"/>
+</svg>

docs/static/img/providers/box.svg

@@ -1 +1,6 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="2500" height="1379" viewBox="0 0 444.893 245.414"><g fill="#0075C9"><path d="M239.038 72.43c-33.081 0-61.806 18.6-76.322 45.904-14.516-27.305-43.24-45.902-76.32-45.902-19.443 0-37.385 6.424-51.821 17.266V16.925h-.008C34.365 7.547 26.713 0 17.286 0 7.858 0 .208 7.547.008 16.925H0v143.333h.036c.768 47.051 39.125 84.967 86.359 84.967 33.08 0 61.805-18.603 76.32-45.908 14.517 27.307 43.241 45.906 76.321 45.906 47.715 0 86.396-38.684 86.396-86.396.001-47.718-38.682-86.397-86.394-86.397zM86.395 210.648c-28.621 0-51.821-23.201-51.821-51.82 0-28.623 23.201-51.823 51.821-51.823 28.621 0 51.822 23.2 51.822 51.823 0 28.619-23.201 51.82-51.822 51.82zm152.643 0c-28.622 0-51.821-23.201-51.821-51.822 0-28.623 23.2-51.821 51.821-51.821 28.619 0 51.822 23.198 51.822 51.821-.001 28.621-23.203 51.822-51.822 51.822z"/><path d="M441.651 218.033l-44.246-59.143 44.246-59.144-.008-.007c5.473-7.62 3.887-18.249-3.652-23.913-7.537-5.658-18.187-4.221-23.98 3.157l-.004-.002-38.188 51.047-38.188-51.047-.006.009c-5.793-7.385-16.441-8.822-23.981-3.16-7.539 5.664-9.125 16.293-3.649 23.911l-.008.005 44.245 59.144-44.245 59.143.008.005c-5.477 7.62-3.89 18.247 3.649 23.909 7.54 5.664 18.188 4.225 23.981-3.155l.006.007 38.188-51.049 38.188 51.049.004-.002c5.794 7.377 16.443 8.814 23.98 3.154 7.539-5.662 9.125-16.291 3.652-23.91l.008-.008z"/></g></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" viewBox="0 0 444.893 245.414">
+  <g fill="#0075C9">
+    <path d="M239.038 72.43c-33.081 0-61.806 18.6-76.322 45.904-14.516-27.305-43.24-45.902-76.32-45.902-19.443 0-37.385 6.424-51.821 17.266V16.925h-.008C34.365 7.547 26.713 0 17.286 0 7.858 0 .208 7.547.008 16.925H0v143.333h.036c.768 47.051 39.125 84.967 86.359 84.967 33.08 0 61.805-18.603 76.32-45.908 14.517 27.307 43.241 45.906 76.321 45.906 47.715 0 86.396-38.684 86.396-86.396.001-47.718-38.682-86.397-86.394-86.397zM86.395 210.648c-28.621 0-51.821-23.201-51.821-51.82 0-28.623 23.201-51.823 51.821-51.823 28.621 0 51.822 23.2 51.822 51.823 0 28.619-23.201 51.82-51.822 51.82zm152.643 0c-28.622 0-51.821-23.201-51.821-51.822 0-28.623 23.2-51.821 51.821-51.821 28.619 0 51.822 23.198 51.822 51.821-.001 28.621-23.203 51.822-51.822 51.822z"/>
+    <path d="M441.651 218.033l-44.246-59.143 44.246-59.144-.008-.007c5.473-7.62 3.887-18.249-3.652-23.913-7.537-5.658-18.187-4.221-23.98 3.157l-.004-.002-38.188 51.047-38.188-51.047-.006.009c-5.793-7.385-16.441-8.822-23.981-3.16-7.539 5.664-9.125 16.293-3.649 23.911l-.008.005 44.245 59.144-44.245 59.143.008.005c-5.477 7.62-3.89 18.247 3.649 23.909 7.54 5.664 18.188 4.225 23.981-3.155l.006.007 38.188-51.049 38.188 51.049.004-.002c5.794 7.377 16.443 8.814 23.98 3.154 7.539-5.662 9.125-16.291 3.652-23.91l.008-.008z"/>
+  </g>
+</svg>

docs/static/img/providers/discord.svg

@@ -1 +1,3 @@
-<svg width="2184" height="2500" viewBox="0 0 256 293" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid"><path d="M226.011 0H29.99C13.459 0 0 13.458 0 30.135v197.778c0 16.677 13.458 30.135 29.989 30.135h165.888l-7.754-27.063 18.725 17.408 17.7 16.384L256 292.571V30.135C256 13.458 242.542 0 226.011 0zm-56.466 191.05s-5.266-6.291-9.655-11.85c19.164-5.413 26.478-17.408 26.478-17.408-5.998 3.95-11.703 6.73-16.823 8.63-7.314 3.073-14.336 5.12-21.211 6.291-14.044 2.633-26.917 1.902-37.888-.146-8.339-1.61-15.507-3.95-21.504-6.29-3.365-1.317-7.022-2.926-10.68-4.974-.438-.293-.877-.439-1.316-.732-.292-.146-.439-.292-.585-.438-2.633-1.463-4.096-2.487-4.096-2.487s7.022 11.703 25.6 17.261c-4.388 5.56-9.801 12.142-9.801 12.142-32.33-1.024-44.617-22.235-44.617-22.235 0-47.104 21.065-85.285 21.065-85.285 21.065-15.799 41.106-15.36 41.106-15.36l1.463 1.756C80.75 77.53 68.608 89.088 68.608 89.088s3.218-1.755 8.63-4.242c15.653-6.876 28.088-8.777 33.208-9.216.877-.147 1.609-.293 2.487-.293a123.776 123.776 0 0 1 29.55-.292c13.896 1.609 28.818 5.705 44.031 14.043 0 0-11.556-10.971-36.425-18.578l2.048-2.34s20.041-.44 41.106 15.36c0 0 21.066 38.18 21.066 85.284 0 0-12.435 21.211-44.764 22.235zm-68.023-68.316c-8.338 0-14.92 7.314-14.92 16.237 0 8.924 6.728 16.238 14.92 16.238 8.339 0 14.921-7.314 14.921-16.238.147-8.923-6.582-16.237-14.92-16.237m53.394 0c-8.339 0-14.922 7.314-14.922 16.237 0 8.924 6.73 16.238 14.922 16.238 8.338 0 14.92-7.314 14.92-16.238 0-8.923-6.582-16.237-14.92-16.237" fill="#7289DA"/></svg>
+<svg width="32" height="32" viewBox="0 0 256 293" xmlns="http://www.w3.org/2000/svg" preserveAspectRatio="xMidYMid">
+  <path d="M226.011 0H29.99C13.459 0 0 13.458 0 30.135v197.778c0 16.677 13.458 30.135 29.989 30.135h165.888l-7.754-27.063 18.725 17.408 17.7 16.384L256 292.571V30.135C256 13.458 242.542 0 226.011 0zm-56.466 191.05s-5.266-6.291-9.655-11.85c19.164-5.413 26.478-17.408 26.478-17.408-5.998 3.95-11.703 6.73-16.823 8.63-7.314 3.073-14.336 5.12-21.211 6.291-14.044 2.633-26.917 1.902-37.888-.146-8.339-1.61-15.507-3.95-21.504-6.29-3.365-1.317-7.022-2.926-10.68-4.974-.438-.293-.877-.439-1.316-.732-.292-.146-.439-.292-.585-.438-2.633-1.463-4.096-2.487-4.096-2.487s7.022 11.703 25.6 17.261c-4.388 5.56-9.801 12.142-9.801 12.142-32.33-1.024-44.617-22.235-44.617-22.235 0-47.104 21.065-85.285 21.065-85.285 21.065-15.799 41.106-15.36 41.106-15.36l1.463 1.756C80.75 77.53 68.608 89.088 68.608 89.088s3.218-1.755 8.63-4.242c15.653-6.876 28.088-8.777 33.208-9.216.877-.147 1.609-.293 2.487-.293a123.776 123.776 0 0 1 29.55-.292c13.896 1.609 28.818 5.705 44.031 14.043 0 0-11.556-10.971-36.425-18.578l2.048-2.34s20.041-.44 41.106 15.36c0 0 21.066 38.18 21.066 85.284 0 0-12.435 21.211-44.764 22.235zm-68.023-68.316c-8.338 0-14.92 7.314-14.92 16.237 0 8.924 6.728 16.238 14.92 16.238 8.339 0 14.921-7.314 14.921-16.238.147-8.923-6.582-16.237-14.92-16.237m53.394 0c-8.339 0-14.922 7.314-14.922 16.237 0 8.924 6.73 16.238 14.922 16.238 8.338 0 14.92-7.314 14.92-16.238 0-8.923-6.582-16.237-14.92-16.237" fill="#7289DA"/>
+</svg>

docs/static/img/providers/facebook-2.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="1298" height="2500" viewBox="88.428 12.828 107.543 207.085"><path d="M158.232 219.912v-94.461h31.707l4.747-36.813h-36.454V65.134c0-10.658 2.96-17.922 18.245-17.922l19.494-.009V14.278c-3.373-.447-14.944-1.449-28.406-1.449-28.106 0-47.348 17.155-47.348 48.661v27.149H88.428v36.813h31.788v94.461l38.016-.001z" fill="#3c5a9a"/></svg>